Windows Analysis Report
3OQL58yflv.exe

Overview

General Information

Sample name: 3OQL58yflv.exe
renamed because original name is a hash value
Original sample name: 230f90bb0e0b11907854e59e63a040b0524fe3e3d6790d290d6fca8d2e0a73f0.exe
Analysis ID: 1581648
MD5: 6cb409f46ff2c5fff4dccec2daa01c68
SHA1: da84249c2f7ec40d36c2cd0771d6587471ef6c8a
SHA256: 230f90bb0e0b11907854e59e63a040b0524fe3e3d6790d290d6fca8d2e0a73f0
Tags: exe, user-zhuzhu0009

Detection

Metasploit
Score: 80
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Yara detected Metasploit Payload
AI detected suspicious sample
Contains functionality to infect the boot sector
Binary contains a suspicious time stamp
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to communicate with device drivers
Contains functionality to enumerate running services
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query CPU information (cpuid)
Contains functionality to query locales information (e.g. system language)
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a process in suspended mode (likely to inject code)
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Drops PE files
Enables debug privileges
Extensive use of GetProcAddress (often used to hide API calls)
Found dropped PE file which has not been started or loaded
Found evasive API chain checking for process token information
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
Internet Provider seen in connection with other malware
PE file contains executable resources (Code or Archives)
PE file contains sections with non-standard names
PE file does not import any functions
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Uses Microsoft's Enhanced Cryptographic Provider
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Classification

  • System is w10x64
  • 3OQL58yflv.exe (PID: 6300 cmdline: "C:\Users\user\Desktop\3OQL58yflv.exe" MD5: 6CB409F46FF2C5FFF4DCCEC2DAA01C68)
    • 3OQL58yflv.exe (PID: 6520 cmdline: "C:\Users\user\Desktop\3OQL58yflv.exe" MD5: 6CB409F46FF2C5FFF4DCCEC2DAA01C68)
  • cleanup
{"Type": "Metasploit Connect", "IP": "202.182.125.24", "Port": 20529}
Source | Rule | Description | Author | Strings
00000001.00000002.2934511808.00000225EDFB0000.00000040.00001000.00020000.00000000.sdmp | JoeSecurity_MetasploitPayload_3 | Yara detected Metasploit Payload | Joe Security |
00000001.00000002.2934511808.00000225EDFB0000.00000040.00001000.00020000.00000000.sdmp | Windows_Trojan_Metasploit_c9773203 | Identifies the 64 bit API hashing function used by Metasploit. This has been re-used by many other malware families. | unknown | 0x81:$a: 48 31 C0 AC 41 C1 C9 0D 41 01 C1 38 E0 75 F1 4C 03 4C 24 08 45 39 D1
00000001.00000002.2934511808.00000225EDFB0000.00000040.00001000.00020000.00000000.sdmp | Windows_Trojan_Metasploit_91bc5d7d | unknown | unknown | 0xd7:$a: 49 BE 77 73 32 5F 33 32 00 00 41 56 49 89 E6 48 81 EC A0 01 00 00 49 89 E5
00000001.00000002.2933864941.00000225ED810000.00000004.00001000.00020000.00000000.sdmp | Windows_Trojan_Metasploit_c9773203 | Identifies the 64 bit API hashing function used by Metasploit. This has been re-used by many other malware families. | unknown | 0x8f6b1:$a: 48 31 C0 AC 41 C1 C9 0D 41 01 C1 38 E0 75 F1 4C 03 4C 24 08 45 39 D1
00000001.00000002.2933864941.00000225ED810000.00000004.00001000.00020000.00000000.sdmp | Windows_Trojan_Metasploit_91bc5d7d | unknown | unknown | 0x8f707:$a: 49 BE 77 73 32 5F 33 32 00 00 41 56 49 89 E6 48 81 EC A0 01 00 00 49 89 E5
    No Sigma rule has matched
    No Suricata rule has matched

    AV Detection

    Source: 00000001.00000002.2934511808.00000225EDFB0000.00000040.00001000.00020000.00000000.sdmp Malware Configuration Extractor: Metasploit {"Type": "Metasploit Connect", "IP": "202.182.125.24", "Port": 20529}
    Source: 3OQL58yflv.exe Virustotal: Detection: 16%
    Source: Submitted Sample Integrated Neural Analysis Model: Matched 99.5% probability
    Source: C:\Users\user\Desktop\3OQL58yflv.exe Code function: 1_2_00007FFE10256244 CRYPTO_memcmp,1_2_00007FFE10256244
    Source: C:\Users\user\Desktop\3OQL58yflv.exe Code function: 1_2_00007FFE102518E0 _Py_NoneStruct,_PyArg_UnpackKeywords,PyObject_GetBuffer,PyBuffer_IsContiguous,PyObject_GetBuffer,PyBuffer_IsContiguous,PyLong_AsUnsignedLong,PyLong_AsUnsignedLong,PyLong_AsUnsignedLong,EVP_PBE_scrypt,PyBytes_FromStringAndSize,PyEval_SaveThread,EVP_PBE_scrypt,PyEval_RestoreThread,PyExc_ValueError,PyErr_SetString,PyBuffer_Release,PyBuffer_Release,PyLong_AsLong,PyErr_Occurred,PyLong_AsLong,PyErr_Occurred,PyExc_ValueError,PyExc_ValueError,PyErr_Format,_PyArg_BadArgument,_PyArg_BadArgument,_PyArg_BadArgument,PyExc_TypeError,PyErr_Occurred,PyExc_TypeError,PyErr_Occurred,PyExc_TypeError,PyErr_Occurred,PyExc_TypeError,_PyArg_BadArgument,_PyArg_BadArgument,PyExc_OverflowError,PyExc_OverflowError,_Py_Dealloc,PyExc_ValueError,1_2_00007FFE102518E0
    Source: 3OQL58yflv.exe Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
    Source: C:\Users\user\Desktop\3OQL58yflv.exe Code function: 0_2_00007FF6E37788D0 FindFirstFileExW,FindClose,0_2_00007FF6E37788D0
    Source: C:\Users\user\Desktop\3OQL58yflv.exe Code function: 0_2_00007FF6E3787E4C _invalid_parameter_noinfo,FindFirstFileExW,GetLastError,_invalid_parameter_noinfo,FindNextFileW,GetLastError,0_2_00007FF6E3787E4C
    Source: C:\Users\user\Desktop\3OQL58yflv.exe Code function: 0_2_00007FF6E3791EE4 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,0_2_00007FF6E3791EE4
    Source: C:\Users\user\Desktop\3OQL58yflv.exe Code function: 1_2_00007FFE013F304C FindFirstFileExW,FindNextFileW,FindClose,1_2_00007FFE013F304C
    Source: C:\Users\user\Desktop\3OQL58yflv.exe Code function: 1_2_00007FFE013F3290 FindFirstFileExW,FindNextFileW,FindClose,1_2_00007FFE013F3290
    Source: C:\Users\user\Desktop\3OQL58yflv.exe Code function: 1_2_00007FFE10302E70 memset,PyList_New,SetErrorMode,PyArg_ParseTuple,PyObject_IsTrue,PyEval_SaveThread,GetLogicalDriveStringsA,PyEval_RestoreThread,PyErr_SetFromWindowsErr,SetErrorMode,PyEval_SaveThread,GetDriveTypeA,PyEval_RestoreThread,GetVolumeInformationA,strcat_s,SetLastError,strcat_s,strcat_s,strcat_s,FindFirstVolumeMountPointA,strcpy_s,strcat_s,Py_BuildValue,PyList_Append,_Py_Dealloc,FindNextVolumeMountPointA,FindVolumeMountPointClose,strcat_s,strcat_s,Py_BuildValue,PyList_Append,_Py_Dealloc,strchr,SetErrorMode,FindVolumeMountPointClose,SetErrorMode,_Py_Dealloc,_Py_Dealloc,1_2_00007FFE10302E70
    Source: global traffic TCP traffic: 192.168.2.4:49730 -> 202.182.125.24:20529
    Source: Joe Sandbox View ASN Name: AS-CHOOPAUS AS-CHOOPAUS
    Source: unknown TCP traffic detected without corresponding DNS query: 202.182.125.24
    Source: C:\Users\user\Desktop\3OQL58yflv.exe Code function: 1_2_00007FFE11516594 memset,recvfrom,1_2_00007FFE11516594
    Source: 3OQL58yflv.exe, 00000001.00000002.2933458373.00000225ED410000.00000004.00000020.00020000.00000000.sdmp, 3OQL58yflv.exe, 00000001.00000002.2933964505.00000225ED971000.00000004.00000020.00020000.00000000.sdmp, 3OQL58yflv.exe, 00000001.00000002.2933458373.00000225ED4A7000.00000004.00000020.00020000.00000000.sdmp, 3OQL58yflv.exe, 00000001.00000002.2933964505.00000225ED9A4000.00000004.00000020.00020000.00000000.sdmp, 3OQL58yflv.exe, 00000001.00000002.2933458373.00000225ED5C9000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://blog.cryptographyengineering.com/2012/05/how-to-choose-authenticated-encryption.html
    Source: 3OQL58yflv.exe, 00000000.00000003.1680501853.000002C5B137E000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://cacerts.digicert.co
select.pyd.0.dr, _wmi.pyd.0.drString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
    Source: 3OQL58yflv.exe, 00000000.00000003.1689563389.000002C5B137E000.00000004.00000020.00020000.00000000.sdmp, 3OQL58yflv.exe, 00000000.00000003.1681536854.000002C5B137E000.00000004.00000020.00020000.00000000.sdmp, 3OQL58yflv.exe, 00000000.00000003.1681694406.000002C5B137E000.00000004.00000020.00020000.00000000.sdmp, 3OQL58yflv.exe, 00000000.00000003.1682126183.000002C5B137E000.00000004.00000020.00020000.00000000.sdmp, 3OQL58yflv.exe, 00000000.00000003.1680323317.000002C5B137E000.00000004.00000020.00020000.00000000.sdmp, 3OQL58yflv.exe, 00000000.00000003.1690397598.000002C5B137E000.00000004.00000020.00020000.00000000.sdmp, 3OQL58yflv.exe, 00000000.00000003.1693570804.000002C5B137E000.00000004.00000020.00020000.00000000.sdmp, 3OQL58yflv.exe, 00000000.00000003.1680766930.000002C5B137E000.00000004.00000020.00020000.00000000.sdmp, 3OQL58yflv.exe, 00000000.00000003.1687337747.000002C5B1384000.00000004.00000020.00020000.00000000.sdmp, 3OQL58yflv.exe, 00000000.00000003.1687337747.000002C5B137E000.00000004.00000020.00020000.00000000.sdmp, 3OQL58yflv.exe, 00000000.00000003.1692825548.000002C5B137E000.00000004.00000020.00020000.00000000.sdmp, 3OQL58yflv.exe, 00000000.00000003.1680501853.000002C5B137E000.00000004.00000020.00020000.00000000.sdmp, 3OQL58yflv.exe, 00000000.00000003.1688679282.000002C5B137E000.00000004.00000020.00020000.00000000.sdmp, 3OQL58yflv.exe, 00000000.00000003.1689711480.000002C5B137E000.00000004.00000020.00020000.00000000.sdmp, 3OQL58yflv.exe, 00000000.00000003.1680186279.000002C5B137E000.00000004.00000020.00020000.00000000.sdmp, 3OQL58yflv.exe, 00000000.00000003.1682274213.000002C5B137E000.00000004.00000020.00020000.00000000.sdmp, 3OQL58yflv.exe, 00000000.00000003.1688540462.000002C5B137E000.00000004.00000020.00020000.00000000.sdmp, 3OQL58yflv.exe, 00000000.00000003.1681792361.000002C5B137E000.00000004.00000020.00020000.00000000.sdmp, 3OQL58yflv.exe, 00000000.00000003.1681422874.000002C5B137E000.00000004.00000020.00020000.00000000.sdmp, 
select.pyd.0.dr, _wmi.pyd.0.drString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
    Source: 3OQL58yflv.exe, 00000000.00000003.1682126183.000002C5B137E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digi
    Source: 3OQL58yflv.exe, 00000000.00000003.1689563389.000002C5B137E000.00000004.00000020.00020000.00000000.sdmp, 3OQL58yflv.exe, 00000000.00000003.1681536854.000002C5B137E000.00000004.00000020.00020000.00000000.sdmp, 3OQL58yflv.exe, 00000000.00000003.1681694406.000002C5B137E000.00000004.00000020.00020000.00000000.sdmp, 3OQL58yflv.exe, 00000000.00000003.1682126183.000002C5B137E000.00000004.00000020.00020000.00000000.sdmp, 3OQL58yflv.exe, 00000000.00000003.1680323317.000002C5B137E000.00000004.00000020.00020000.00000000.sdmp, 3OQL58yflv.exe, 00000000.00000003.1690397598.000002C5B137E000.00000004.00000020.00020000.00000000.sdmp, 3OQL58yflv.exe, 00000000.00000003.1693570804.000002C5B137E000.00000004.00000020.00020000.00000000.sdmp, 3OQL58yflv.exe, 00000000.00000003.1680766930.000002C5B137E000.00000004.00000020.00020000.00000000.sdmp, 3OQL58yflv.exe, 00000000.00000003.1687337747.000002C5B1384000.00000004.00000020.00020000.00000000.sdmp, 3OQL58yflv.exe, 00000000.00000003.1687337747.000002C5B137E000.00000004.00000020.00020000.00000000.sdmp, 3OQL58yflv.exe, 00000000.00000003.1692825548.000002C5B137E000.00000004.00000020.00020000.00000000.sdmp, 3OQL58yflv.exe, 00000000.00000003.1680501853.000002C5B137E000.00000004.00000020.00020000.00000000.sdmp, 3OQL58yflv.exe, 00000000.00000003.1688679282.000002C5B137E000.00000004.00000020.00020000.00000000.sdmp, 3OQL58yflv.exe, 00000000.00000003.1689711480.000002C5B137E000.00000004.00000020.00020000.00000000.sdmp, 3OQL58yflv.exe, 00000000.00000003.1680186279.000002C5B137E000.00000004.00000020.00020000.00000000.sdmp, 3OQL58yflv.exe, 00000000.00000003.1682274213.000002C5B137E000.00000004.00000020.00020000.00000000.sdmp, 3OQL58yflv.exe, 00000000.00000003.1688540462.000002C5B137E000.00000004.00000020.00020000.00000000.sdmp, 3OQL58yflv.exe, 00000000.00000003.1681792361.000002C5B137E000.00000004.00000020.00020000.00000000.sdmp, 3OQL58yflv.exe, 00000000.00000003.1681422874.000002C5B137E000.00000004.00000020.00020000.00000000.sdmp, 
select.pyd.0.dr, _wmi.pyd.0.drString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
    Source: 3OQL58yflv.exe, 00000000.00000003.1689563389.000002C5B137E000.00000004.00000020.00020000.00000000.sdmp, 3OQL58yflv.exe, 00000000.00000003.1681536854.000002C5B137E000.00000004.00000020.00020000.00000000.sdmp, 3OQL58yflv.exe, 00000000.00000003.1681694406.000002C5B137E000.00000004.00000020.00020000.00000000.sdmp, 3OQL58yflv.exe, 00000000.00000003.1682126183.000002C5B137E000.00000004.00000020.00020000.00000000.sdmp, 3OQL58yflv.exe, 00000000.00000003.1680323317.000002C5B137E000.00000004.00000020.00020000.00000000.sdmp, 3OQL58yflv.exe, 00000000.00000003.1690397598.000002C5B137E000.00000004.00000020.00020000.00000000.sdmp, 3OQL58yflv.exe, 00000000.00000003.1693570804.000002C5B137E000.00000004.00000020.00020000.00000000.sdmp, 3OQL58yflv.exe, 00000000.00000003.1680766930.000002C5B137E000.00000004.00000020.00020000.00000000.sdmp, 3OQL58yflv.exe, 00000000.00000003.1687337747.000002C5B1384000.00000004.00000020.00020000.00000000.sdmp, 3OQL58yflv.exe, 00000000.00000003.1687337747.000002C5B137E000.00000004.00000020.00020000.00000000.sdmp, 3OQL58yflv.exe, 00000000.00000003.1692825548.000002C5B137E000.00000004.00000020.00020000.00000000.sdmp, 3OQL58yflv.exe, 00000000.00000003.1680501853.000002C5B137E000.00000004.00000020.00020000.00000000.sdmp, 3OQL58yflv.exe, 00000000.00000003.1688679282.000002C5B137E000.00000004.00000020.00020000.00000000.sdmp, 3OQL58yflv.exe, 00000000.00000003.1689711480.000002C5B137E000.00000004.00000020.00020000.00000000.sdmp, 3OQL58yflv.exe, 00000000.00000003.1680186279.000002C5B137E000.00000004.00000020.00020000.00000000.sdmp, 3OQL58yflv.exe, 00000000.00000003.1682274213.000002C5B137E000.00000004.00000020.00020000.00000000.sdmp, 3OQL58yflv.exe, 00000000.00000003.1688540462.000002C5B137E000.00000004.00000020.00020000.00000000.sdmp, 3OQL58yflv.exe, 00000000.00000003.1681792361.000002C5B137E000.00000004.00000020.00020000.00000000.sdmp, 3OQL58yflv.exe, 00000000.00000003.1681422874.000002C5B137E000.00000004.00000020.00020000.00000000.sdmp, 
select.pyd.0.dr, _wmi.pyd.0.drString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0S
    Source: 3OQL58yflv.exe, 00000000.00000003.1689563389.000002C5B137E000.00000004.00000020.00020000.00000000.sdmp, 3OQL58yflv.exe, 00000000.00000003.1681536854.000002C5B137E000.00000004.00000020.00020000.00000000.sdmp, 3OQL58yflv.exe, 00000000.00000003.1681694406.000002C5B137E000.00000004.00000020.00020000.00000000.sdmp, 3OQL58yflv.exe, 00000000.00000003.1682126183.000002C5B137E000.00000004.00000020.00020000.00000000.sdmp, 3OQL58yflv.exe, 00000000.00000003.1680323317.000002C5B137E000.00000004.00000020.00020000.00000000.sdmp, 3OQL58yflv.exe, 00000000.00000003.1690397598.000002C5B137E000.00000004.00000020.00020000.00000000.sdmp, 3OQL58yflv.exe, 00000000.00000003.1693570804.000002C5B137E000.00000004.00000020.00020000.00000000.sdmp, 3OQL58yflv.exe, 00000000.00000003.1680766930.000002C5B137E000.00000004.00000020.00020000.00000000.sdmp, 3OQL58yflv.exe, 00000000.00000003.1687337747.000002C5B1384000.00000004.00000020.00020000.00000000.sdmp, 3OQL58yflv.exe, 00000000.00000003.1687337747.000002C5B137E000.00000004.00000020.00020000.00000000.sdmp, 3OQL58yflv.exe, 00000000.00000003.1692825548.000002C5B137E000.00000004.00000020.00020000.00000000.sdmp, 3OQL58yflv.exe, 00000000.00000003.1680501853.000002C5B137E000.00000004.00000020.00020000.00000000.sdmp, 3OQL58yflv.exe, 00000000.00000003.1688679282.000002C5B137E000.00000004.00000020.00020000.00000000.sdmp, 3OQL58yflv.exe, 00000000.00000003.1689711480.000002C5B137E000.00000004.00000020.00020000.00000000.sdmp, 3OQL58yflv.exe, 00000000.00000003.1680186279.000002C5B137E000.00000004.00000020.00020000.00000000.sdmp, 3OQL58yflv.exe, 00000000.00000003.1682274213.000002C5B137E000.00000004.00000020.00020000.00000000.sdmp, 3OQL58yflv.exe, 00000000.00000003.1688540462.000002C5B137E000.00000004.00000020.00020000.00000000.sdmp, 3OQL58yflv.exe, 00000000.00000003.1681792361.000002C5B137E000.00000004.00000020.00020000.00000000.sdmp, 3OQL58yflv.exe, 00000000.00000003.1681422874.000002C5B137E000.00000004.00000020.00020000.00000000.sdmp, 
select.pyd.0.dr, _wmi.pyd.0.drString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
    Source: python312.dll.0.drString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
    Source: 3OQL58yflv.exe, 00000000.00000003.1689563389.000002C5B137E000.00000004.00000020.00020000.00000000.sdmp, 3OQL58yflv.exe, 00000000.00000003.1681536854.000002C5B137E000.00000004.00000020.00020000.00000000.sdmp, 3OQL58yflv.exe, 00000000.00000003.1681694406.000002C5B137E000.00000004.00000020.00020000.00000000.sdmp, 3OQL58yflv.exe, 00000000.00000003.1682126183.000002C5B137E000.00000004.00000020.00020000.00000000.sdmp, 3OQL58yflv.exe, 00000000.00000003.1680323317.000002C5B137E000.00000004.00000020.00020000.00000000.sdmp, 3OQL58yflv.exe, 00000000.00000003.1690397598.000002C5B137E000.00000004.00000020.00020000.00000000.sdmp, 3OQL58yflv.exe, 00000000.00000003.1693570804.000002C5B137E000.00000004.00000020.00020000.00000000.sdmp, 3OQL58yflv.exe, 00000000.00000003.1680766930.000002C5B137E000.00000004.00000020.00020000.00000000.sdmp, 3OQL58yflv.exe, 00000000.00000003.1687337747.000002C5B1384000.00000004.00000020.00020000.00000000.sdmp, 3OQL58yflv.exe, 00000000.00000003.1687337747.000002C5B137E000.00000004.00000020.00020000.00000000.sdmp, 3OQL58yflv.exe, 00000000.00000003.1692825548.000002C5B137E000.00000004.00000020.00020000.00000000.sdmp, 3OQL58yflv.exe, 00000000.00000003.1680501853.000002C5B137E000.00000004.00000020.00020000.00000000.sdmp, 3OQL58yflv.exe, 00000000.00000003.1688679282.000002C5B137E000.00000004.00000020.00020000.00000000.sdmp, 3OQL58yflv.exe, 00000000.00000003.1689711480.000002C5B137E000.00000004.00000020.00020000.00000000.sdmp, 3OQL58yflv.exe, 00000000.00000003.1680186279.000002C5B137E000.00000004.00000020.00020000.00000000.sdmp, 3OQL58yflv.exe, 00000000.00000003.1682274213.000002C5B137E000.00000004.00000020.00020000.00000000.sdmp, 3OQL58yflv.exe, 00000000.00000003.1688540462.000002C5B137E000.00000004.00000020.00020000.00000000.sdmp, 3OQL58yflv.exe, 00000000.00000003.1681792361.000002C5B137E000.00000004.00000020.00020000.00000000.sdmp, 3OQL58yflv.exe, 00000000.00000003.1681422874.000002C5B137E000.00000004.00000020.00020000.00000000.sdmp, 
select.pyd.0.dr, _wmi.pyd.0.drString found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0
    Source: 3OQL58yflv.exe, 00000001.00000002.2933458373.00000225ED410000.00000004.00000020.00020000.00000000.sdmp, 3OQL58yflv.exe, 00000001.00000002.2933458373.00000225ED4A7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://csrc.nist.gov/groups/ST/toolkit/BCM/documents/proposedmodes/eax/eax-spec.pdf
    Source: 3OQL58yflv.exe, 00000001.00000002.2933458373.00000225ED4A7000.00000004.00000020.00020000.00000000.sdmp, 3OQL58yflv.exe, 00000001.00000002.2933964505.00000225ED9A4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://csrc.nist.gov/publications/nistpubs/800-38C/SP800-38C.pdf
    Source: 3OQL58yflv.exe, 00000001.00000002.2933964505.00000225ED971000.00000004.00000020.00020000.00000000.sdmp, 3OQL58yflv.exe, 00000001.00000002.2933458373.00000225ED4A7000.00000004.00000020.00020000.00000000.sdmp, 3OQL58yflv.exe, 00000001.00000002.2933458373.00000225ED5C9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://csrc.nist.gov/publications/nistpubs/800-38D/SP-800-38D.pdf
    Source: 3OQL58yflv.exe, 00000001.00000002.2934131144.00000225EDD10000.00000004.00001000.00020000.00000000.sdmp, 3OQL58yflv.exe, 00000001.00000003.1705716830.00000225ED568000.00000004.00000020.00020000.00000000.sdmp, 3OQL58yflv.exe, 00000001.00000002.2934131144.00000225EDD98000.00000004.00001000.00020000.00000000.sdmp, 3OQL58yflv.exe, 00000001.00000002.2933864941.00000225ED810000.00000004.00001000.00020000.00000000.sdmp, 3OQL58yflv.exe, 00000001.00000002.2934261575.00000225EDE10000.00000004.00001000.00020000.00000000.sdmp, 3OQL58yflv.exe, 00000001.00000003.1706113469.00000225ED5D9000.00000004.00000020.00020000.00000000.sdmp, 3OQL58yflv.exe, 00000001.00000002.2933458373.00000225ED410000.00000004.00000020.00020000.00000000.sdmp, 3OQL58yflv.exe, 00000001.00000002.2933458373.00000225ED568000.00000004.00000020.00020000.00000000.sdmp, 3OQL58yflv.exe, 00000001.00000002.2933458373.00000225ED5C9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://csrc.nist.gov/publications/nistpubs/800-38a/sp800-38a.pdf
    Source: 3OQL58yflv.exe, 00000001.00000002.2933723346.00000225ED610000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://goo.gl/zeJZl.
    Source: 3OQL58yflv.exe, 00000001.00000002.2933864941.00000225ED810000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://mail.python.org/pipermail/python-dev/2012-June/120787.html.
    Source: 3OQL58yflv.exe, 00000000.00000003.1689563389.000002C5B137E000.00000004.00000020.00020000.00000000.sdmp, 3OQL58yflv.exe, 00000000.00000003.1681536854.000002C5B137E000.00000004.00000020.00020000.00000000.sdmp, 3OQL58yflv.exe, 00000000.00000003.1681694406.000002C5B137E000.00000004.00000020.00020000.00000000.sdmp, 3OQL58yflv.exe, 00000000.00000003.1682126183.000002C5B137E000.00000004.00000020.00020000.00000000.sdmp, 3OQL58yflv.exe, 00000000.00000003.1680323317.000002C5B137E000.00000004.00000020.00020000.00000000.sdmp, 3OQL58yflv.exe, 00000000.00000003.1690397598.000002C5B137E000.00000004.00000020.00020000.00000000.sdmp, 3OQL58yflv.exe, 00000000.00000003.1693570804.000002C5B137E000.00000004.00000020.00020000.00000000.sdmp, 3OQL58yflv.exe, 00000000.00000003.1680766930.000002C5B137E000.00000004.00000020.00020000.00000000.sdmp, 3OQL58yflv.exe, 00000000.00000003.1687337747.000002C5B1384000.00000004.00000020.00020000.00000000.sdmp, 3OQL58yflv.exe, 00000000.00000003.1687337747.000002C5B137E000.00000004.00000020.00020000.00000000.sdmp, 3OQL58yflv.exe, 00000000.00000003.1692825548.000002C5B137E000.00000004.00000020.00020000.00000000.sdmp, 3OQL58yflv.exe, 00000000.00000003.1680501853.000002C5B137E000.00000004.00000020.00020000.00000000.sdmp, 3OQL58yflv.exe, 00000000.00000003.1688679282.000002C5B137E000.00000004.00000020.00020000.00000000.sdmp, 3OQL58yflv.exe, 00000000.00000003.1689711480.000002C5B137E000.00000004.00000020.00020000.00000000.sdmp, 3OQL58yflv.exe, 00000000.00000003.1680186279.000002C5B137E000.00000004.00000020.00020000.00000000.sdmp, 3OQL58yflv.exe, 00000000.00000003.1682274213.000002C5B137E000.00000004.00000020.00020000.00000000.sdmp, 3OQL58yflv.exe, 00000000.00000003.1688540462.000002C5B137E000.00000004.00000020.00020000.00000000.sdmp, 3OQL58yflv.exe, 00000000.00000003.1681792361.000002C5B137E000.00000004.00000020.00020000.00000000.sdmp, 3OQL58yflv.exe, 00000000.00000003.1681422874.000002C5B137E000.00000004.00000020.00020000.00000000.sdmp, 
select.pyd.0.dr, _wmi.pyd.0.drString found in binary or memory: http://ocsp.digicert.com0
    Source: 3OQL58yflv.exe, 00000000.00000003.1689563389.000002C5B137E000.00000004.00000020.00020000.00000000.sdmp, 3OQL58yflv.exe, 00000000.00000003.1681536854.000002C5B137E000.00000004.00000020.00020000.00000000.sdmp, 3OQL58yflv.exe, 00000000.00000003.1681694406.000002C5B137E000.00000004.00000020.00020000.00000000.sdmp, 3OQL58yflv.exe, 00000000.00000003.1682126183.000002C5B137E000.00000004.00000020.00020000.00000000.sdmp, 3OQL58yflv.exe, 00000000.00000003.1680323317.000002C5B137E000.00000004.00000020.00020000.00000000.sdmp, 3OQL58yflv.exe, 00000000.00000003.1690397598.000002C5B137E000.00000004.00000020.00020000.00000000.sdmp, 3OQL58yflv.exe, 00000000.00000003.1693570804.000002C5B137E000.00000004.00000020.00020000.00000000.sdmp, 3OQL58yflv.exe, 00000000.00000003.1680766930.000002C5B137E000.00000004.00000020.00020000.00000000.sdmp, 3OQL58yflv.exe, 00000000.00000003.1687337747.000002C5B1384000.00000004.00000020.00020000.00000000.sdmp, 3OQL58yflv.exe, 00000000.00000003.1687337747.000002C5B137E000.00000004.00000020.00020000.00000000.sdmp, 3OQL58yflv.exe, 00000000.00000003.1692825548.000002C5B137E000.00000004.00000020.00020000.00000000.sdmp, 3OQL58yflv.exe, 00000000.00000003.1680501853.000002C5B137E000.00000004.00000020.00020000.00000000.sdmp, 3OQL58yflv.exe, 00000000.00000003.1688679282.000002C5B137E000.00000004.00000020.00020000.00000000.sdmp, 3OQL58yflv.exe, 00000000.00000003.1689711480.000002C5B137E000.00000004.00000020.00020000.00000000.sdmp, 3OQL58yflv.exe, 00000000.00000003.1680186279.000002C5B137E000.00000004.00000020.00020000.00000000.sdmp, 3OQL58yflv.exe, 00000000.00000003.1682274213.000002C5B137E000.00000004.00000020.00020000.00000000.sdmp, 3OQL58yflv.exe, 00000000.00000003.1688540462.000002C5B137E000.00000004.00000020.00020000.00000000.sdmp, 3OQL58yflv.exe, 00000000.00000003.1681792361.000002C5B137E000.00000004.00000020.00020000.00000000.sdmp, 3OQL58yflv.exe, 00000000.00000003.1681422874.000002C5B137E000.00000004.00000020.00020000.00000000.sdmp, 
select.pyd.0.dr, _wmi.pyd.0.drString found in binary or memory: http://ocsp.digicert.com0A
    Source: 3OQL58yflv.exe, 00000000.00000003.1689563389.000002C5B137E000.00000004.00000020.00020000.00000000.sdmp, 3OQL58yflv.exe, 00000000.00000003.1681536854.000002C5B137E000.00000004.00000020.00020000.00000000.sdmp, 3OQL58yflv.exe, 00000000.00000003.1681694406.000002C5B137E000.00000004.00000020.00020000.00000000.sdmp, 3OQL58yflv.exe, 00000000.00000003.1682126183.000002C5B137E000.00000004.00000020.00020000.00000000.sdmp, 3OQL58yflv.exe, 00000000.00000003.1680323317.000002C5B137E000.00000004.00000020.00020000.00000000.sdmp, 3OQL58yflv.exe, 00000000.00000003.1690397598.000002C5B137E000.00000004.00000020.00020000.00000000.sdmp, 3OQL58yflv.exe, 00000000.00000003.1693570804.000002C5B137E000.00000004.00000020.00020000.00000000.sdmp, 3OQL58yflv.exe, 00000000.00000003.1680766930.000002C5B137E000.00000004.00000020.00020000.00000000.sdmp, 3OQL58yflv.exe, 00000000.00000003.1687337747.000002C5B1384000.00000004.00000020.00020000.00000000.sdmp, 3OQL58yflv.exe, 00000000.00000003.1687337747.000002C5B137E000.00000004.00000020.00020000.00000000.sdmp, 3OQL58yflv.exe, 00000000.00000003.1692825548.000002C5B137E000.00000004.00000020.00020000.00000000.sdmp, 3OQL58yflv.exe, 00000000.00000003.1680501853.000002C5B137E000.00000004.00000020.00020000.00000000.sdmp, 3OQL58yflv.exe, 00000000.00000003.1688679282.000002C5B137E000.00000004.00000020.00020000.00000000.sdmp, 3OQL58yflv.exe, 00000000.00000003.1689711480.000002C5B137E000.00000004.00000020.00020000.00000000.sdmp, 3OQL58yflv.exe, 00000000.00000003.1680186279.000002C5B137E000.00000004.00000020.00020000.00000000.sdmp, 3OQL58yflv.exe, 00000000.00000003.1682274213.000002C5B137E000.00000004.00000020.00020000.00000000.sdmp, 3OQL58yflv.exe, 00000000.00000003.1688540462.000002C5B137E000.00000004.00000020.00020000.00000000.sdmp, 3OQL58yflv.exe, 00000000.00000003.1681792361.000002C5B137E000.00000004.00000020.00020000.00000000.sdmp, 3OQL58yflv.exe, 00000000.00000003.1681422874.000002C5B137E000.00000004.00000020.00020000.00000000.sdmp, 
select.pyd.0.dr, _wmi.pyd.0.drString found in binary or memory: http://ocsp.digicert.com0C
    Source: 3OQL58yflv.exe, 00000000.00000003.1689563389.000002C5B137E000.00000004.00000020.00020000.00000000.sdmp, 3OQL58yflv.exe, 00000000.00000003.1681536854.000002C5B137E000.00000004.00000020.00020000.00000000.sdmp, 3OQL58yflv.exe, 00000000.00000003.1681694406.000002C5B137E000.00000004.00000020.00020000.00000000.sdmp, 3OQL58yflv.exe, 00000000.00000003.1682126183.000002C5B137E000.00000004.00000020.00020000.00000000.sdmp, 3OQL58yflv.exe, 00000000.00000003.1680323317.000002C5B137E000.00000004.00000020.00020000.00000000.sdmp, 3OQL58yflv.exe, 00000000.00000003.1690397598.000002C5B137E000.00000004.00000020.00020000.00000000.sdmp, 3OQL58yflv.exe, 00000000.00000003.1693570804.000002C5B137E000.00000004.00000020.00020000.00000000.sdmp, 3OQL58yflv.exe, 00000000.00000003.1680766930.000002C5B137E000.00000004.00000020.00020000.00000000.sdmp, 3OQL58yflv.exe, 00000000.00000003.1687337747.000002C5B1384000.00000004.00000020.00020000.00000000.sdmp, 3OQL58yflv.exe, 00000000.00000003.1687337747.000002C5B137E000.00000004.00000020.00020000.00000000.sdmp, 3OQL58yflv.exe, 00000000.00000003.1692825548.000002C5B137E000.00000004.00000020.00020000.00000000.sdmp, 3OQL58yflv.exe, 00000000.00000003.1680501853.000002C5B137E000.00000004.00000020.00020000.00000000.sdmp, 3OQL58yflv.exe, 00000000.00000003.1688679282.000002C5B137E000.00000004.00000020.00020000.00000000.sdmp, 3OQL58yflv.exe, 00000000.00000003.1689711480.000002C5B137E000.00000004.00000020.00020000.00000000.sdmp, 3OQL58yflv.exe, 00000000.00000003.1680186279.000002C5B137E000.00000004.00000020.00020000.00000000.sdmp, 3OQL58yflv.exe, 00000000.00000003.1682274213.000002C5B137E000.00000004.00000020.00020000.00000000.sdmp, 3OQL58yflv.exe, 00000000.00000003.1688540462.000002C5B137E000.00000004.00000020.00020000.00000000.sdmp, 3OQL58yflv.exe, 00000000.00000003.1681792361.000002C5B137E000.00000004.00000020.00020000.00000000.sdmp, 3OQL58yflv.exe, 00000000.00000003.1681422874.000002C5B137E000.00000004.00000020.00020000.00000000.sdmp, 
select.pyd.0.dr, _wmi.pyd.0.drString found in binary or memory: http://ocsp.digicert.com0X
    Source: 3OQL58yflv.exe, 00000001.00000002.2933458373.00000225ED410000.00000004.00000020.00020000.00000000.sdmp, 3OQL58yflv.exe, 00000001.00000002.2933458373.00000225ED5C9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://tools.ietf.org/html/rfc4880
    Source: 3OQL58yflv.exe, 00000001.00000002.2934261575.00000225EDE28000.00000004.00001000.00020000.00000000.sdmp, 3OQL58yflv.exe, 00000001.00000002.2934131144.00000225EDDD0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://tools.ietf.org/html/rfc5297
    Source: 3OQL58yflv.exe, 00000001.00000002.2933458373.00000225ED410000.00000004.00000020.00020000.00000000.sdmp, 3OQL58yflv.exe, 00000001.00000002.2933964505.00000225ED9C5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://tools.ietf.org/html/rfc5869
    Source: 3OQL58yflv.exe, 00000001.00000002.2933964505.00000225ED9B4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://web.cs.ucdavis.edu/~rogaway/ocb/license.htm
    Source: 3OQL58yflv.exe, 00000001.00000002.2933458373.00000225ED410000.00000004.00000020.00020000.00000000.sdmp, 3OQL58yflv.exe, 00000001.00000002.2933458373.00000225ED4A7000.00000004.00000020.00020000.00000000.sdmp, 3OQL58yflv.exe, 00000001.00000002.2933458373.00000225ED5C9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.cs.ucdavis.edu/~rogaway/papers/keywrap.pdf
    Source: 3OQL58yflv.exe, 00000000.00000003.1689563389.000002C5B137E000.00000004.00000020.00020000.00000000.sdmp, 3OQL58yflv.exe, 00000000.00000003.1681536854.000002C5B137E000.00000004.00000020.00020000.00000000.sdmp, 3OQL58yflv.exe, 00000000.00000003.1681694406.000002C5B137E000.00000004.00000020.00020000.00000000.sdmp, 3OQL58yflv.exe, 00000000.00000003.1682126183.000002C5B137E000.00000004.00000020.00020000.00000000.sdmp, 3OQL58yflv.exe, 00000000.00000003.1680323317.000002C5B137E000.00000004.00000020.00020000.00000000.sdmp, 3OQL58yflv.exe, 00000000.00000003.1690397598.000002C5B137E000.00000004.00000020.00020000.00000000.sdmp, 3OQL58yflv.exe, 00000000.00000003.1693570804.000002C5B137E000.00000004.00000020.00020000.00000000.sdmp, 3OQL58yflv.exe, 00000000.00000003.1680766930.000002C5B137E000.00000004.00000020.00020000.00000000.sdmp, 3OQL58yflv.exe, 00000000.00000003.1687337747.000002C5B1384000.00000004.00000020.00020000.00000000.sdmp, 3OQL58yflv.exe, 00000000.00000003.1687337747.000002C5B137E000.00000004.00000020.00020000.00000000.sdmp, 3OQL58yflv.exe, 00000000.00000003.1692825548.000002C5B137E000.00000004.00000020.00020000.00000000.sdmp, 3OQL58yflv.exe, 00000000.00000003.1680501853.000002C5B137E000.00000004.00000020.00020000.00000000.sdmp, 3OQL58yflv.exe, 00000000.00000003.1688679282.000002C5B137E000.00000004.00000020.00020000.00000000.sdmp, 3OQL58yflv.exe, 00000000.00000003.1689711480.000002C5B137E000.00000004.00000020.00020000.00000000.sdmp, 3OQL58yflv.exe, 00000000.00000003.1680186279.000002C5B137E000.00000004.00000020.00020000.00000000.sdmp, 3OQL58yflv.exe, 00000000.00000003.1682274213.000002C5B137E000.00000004.00000020.00020000.00000000.sdmp, 3OQL58yflv.exe, 00000000.00000003.1688540462.000002C5B137E000.00000004.00000020.00020000.00000000.sdmp, 3OQL58yflv.exe, 00000000.00000003.1681792361.000002C5B137E000.00000004.00000020.00020000.00000000.sdmp, 3OQL58yflv.exe, 00000000.00000003.1681422874.000002C5B137E000.00000004.00000020.00020000.00000000.sdmp, 
select.pyd.0.dr, _wmi.pyd.0.drString found in binary or memory: http://www.digicert.com/CPS0
    Source: 3OQL58yflv.exe, 00000001.00000002.2933964505.00000225ED9B4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.rfc-editor.org/info/rfc7253
    Source: 3OQL58yflv.exe, 00000001.00000002.2933964505.00000225ED9C5000.00000004.00000020.00020000.00000000.sdmp, 3OQL58yflv.exe, 00000001.00000002.2933458373.00000225ED5C9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.tarsnap.com/scrypt/scrypt-slides.pdf
    Source: 3OQL58yflv.exe, 00000001.00000003.1705716830.00000225ED568000.00000004.00000020.00020000.00000000.sdmp, 3OQL58yflv.exe, 00000001.00000003.1704847466.00000225ED568000.00000004.00000020.00020000.00000000.sdmp, 3OQL58yflv.exe, 00000001.00000003.1703984622.00000225ED568000.00000004.00000020.00020000.00000000.sdmp, 3OQL58yflv.exe, 00000001.00000002.2933458373.00000225ED568000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.python.org/3.11/library/binascii.html#binascii.a2b_base64
    Source: 3OQL58yflv.exe, 00000001.00000003.1706551243.00000225ED441000.00000004.00000020.00020000.00000000.sdmp, 3OQL58yflv.exe, 00000001.00000003.1702820222.00000225ED447000.00000004.00000020.00020000.00000000.sdmp, 3OQL58yflv.exe, 00000001.00000003.1704184836.00000225ED447000.00000004.00000020.00020000.00000000.sdmp, 3OQL58yflv.exe, 00000001.00000002.2933458373.00000225ED410000.00000004.00000020.00020000.00000000.sdmp, 3OQL58yflv.exe, 00000001.00000003.1705187832.00000225ED44A000.00000004.00000020.00020000.00000000.sdmp, 3OQL58yflv.exe, 00000001.00000003.1703332592.00000225ED447000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.python.org/3/library/multiprocessing.html
    Source: 3OQL58yflv.exe, 00000001.00000002.2933281372.00000225ED0D0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/Unidata/MetPy/blob/a3424de66a44bf3a92b0dcacf4dff82ad7b86712/src/metpy/plots/wx_sy
    Source: 3OQL58yflv.exe, 00000001.00000002.2934131144.00000225EDD10000.00000004.00001000.00020000.00000000.sdmp, 3OQL58yflv.exe, 00000001.00000003.1703940257.00000225ED5D9000.00000004.00000020.00020000.00000000.sdmp, 3OQL58yflv.exe, 00000001.00000003.1703940257.00000225ED5CA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/giampaolo/psutil/issues/875.
    Source: 3OQL58yflv.exe, 00000001.00000002.2933458373.00000225ED4D3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/openssl/openssl/blob/master/include/openssl/pem.h
    Source: 3OQL58yflv.exe, 00000001.00000002.2933192259.00000225ED04C000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/python/cpython/blob/3.9/Lib/importlib/_bootstrap_external.py#L679-L688
    Source: 3OQL58yflv.exe, 00000001.00000002.2933281372.00000225ED0D0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/python/cpython/blob/839d7893943782ee803536a47f1d4de160314f85/Lib/importlib/abc.py
    Source: 3OQL58yflv.exe, 00000001.00000002.2933281372.00000225ED0D0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/python/cpython/blob/839d7893943782ee803536a47f1d4de160314f85/Lib/importlib/reader
    Source: 3OQL58yflv.exe, 00000001.00000003.1703547252.00000225ED5C8000.00000004.00000020.00020000.00000000.sdmp, 3OQL58yflv.exe, 00000001.00000003.1705716830.00000225ED4D3000.00000004.00000020.00020000.00000000.sdmp, 3OQL58yflv.exe, 00000001.00000003.1703739611.00000225ED5DF000.00000004.00000020.00020000.00000000.sdmp, 3OQL58yflv.exe, 00000001.00000003.1703984622.00000225ED4D3000.00000004.00000020.00020000.00000000.sdmp, 3OQL58yflv.exe, 00000001.00000003.1704847466.00000225ED4D3000.00000004.00000020.00020000.00000000.sdmp, 3OQL58yflv.exe, 00000001.00000002.2933458373.00000225ED4D3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/python/cpython/issues/86361.
    Source: 3OQL58yflv.exe, 00000001.00000002.2933281372.00000225ED0D0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/tensorflow/datasets/blob/master/tensorflow_datasets/core/utils/resource_utils.py#
    Source: 3OQL58yflv.exe, 00000001.00000003.1706113469.00000225ED5D9000.00000004.00000020.00020000.00000000.sdmp, 3OQL58yflv.exe, 00000001.00000002.2933864941.00000225ED8F8000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/tqdm/tqdm#contributions
    Source: 3OQL58yflv.exe, 00000001.00000002.2933864941.00000225ED8F8000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/tqdm/tqdm#contributionstegerame.
    Source: 3OQL58yflv.exe, 00000001.00000002.2933864941.00000225ED810000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/tqdm/tqdm/issues/481)
    Source: 3OQL58yflv.exe, 00000001.00000002.2933458373.00000225ED5C9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-108r1.pdf
    Source: 3OQL58yflv.exe, 00000001.00000002.2933794424.00000225ED710000.00000004.00001000.00020000.00000000.sdmp, base_library.zip.0.drString found in binary or memory: https://peps.python.org/pep-0205/
    Source: 3OQL58yflv.exe, 00000001.00000002.2936020627.00007FFDFB5F3000.00000002.00000001.01000000.00000005.sdmp, python312.dll.0.drString found in binary or memory: https://peps.python.org/pep-0263/
    Source: 3OQL58yflv.exe, 00000001.00000002.2933964505.00000225ED939000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://stackoverflow.com/questions/18603270/
    Source: 3OQL58yflv.exe, 00000001.00000002.2934131144.00000225EDD10000.00000004.00001000.00020000.00000000.sdmp, 3OQL58yflv.exe, 00000001.00000003.1703940257.00000225ED5D9000.00000004.00000020.00020000.00000000.sdmp, 3OQL58yflv.exe, 00000001.00000003.1703940257.00000225ED5CA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://stackoverflow.com/questions/4457745#4457745.
    Source: 3OQL58yflv.exe, 00000001.00000002.2933458373.00000225ED4A7000.00000004.00000020.00020000.00000000.sdmp, 3OQL58yflv.exe, 00000001.00000002.2933964505.00000225ED9A4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://tools.ietf.org/html/rfc3610
    Source: 3OQL58yflv.exe, 00000001.00000002.2933458373.00000225ED410000.00000004.00000020.00020000.00000000.sdmp, 3OQL58yflv.exe, 00000001.00000002.2933458373.00000225ED4A7000.00000004.00000020.00020000.00000000.sdmp, 3OQL58yflv.exe, 00000001.00000002.2933458373.00000225ED5C9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://tools.ietf.org/html/rfc5297
    Source: 3OQL58yflv.exe, 00000001.00000002.2933458373.00000225ED4D3000.00000004.00000020.00020000.00000000.sdmp, 3OQL58yflv.exe, 00000001.00000002.2933964505.00000225ED9C5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.ietf.org/rfc/rfc2898.txt
    Source: 3OQL58yflv.exe, 00000000.00000003.1688679282.000002C5B137E000.00000004.00000020.00020000.00000000.sdmp, 3OQL58yflv.exe, 00000001.00000002.2935326347.00007FFDFB0B3000.00000002.00000001.01000000.00000011.sdmp, libcrypto-3.dll.0.dr, libssl-3.dll.0.drString found in binary or memory: https://www.openssl.org/H
    Source: 3OQL58yflv.exe, 00000001.00000003.1696978814.00000225ED146000.00000004.00000020.00020000.00000000.sdmp, 3OQL58yflv.exe, 00000001.00000002.2933192259.00000225ECFD0000.00000004.00001000.00020000.00000000.sdmp, base_library.zip.0.drString found in binary or memory: https://www.python.org/download/releases/2.3/mro/.
    Source: 3OQL58yflv.exe, 00000001.00000002.2936346938.00007FFDFB76B000.00000008.00000001.01000000.00000005.sdmp, python312.dll.0.drString found in binary or memory: https://www.python.org/psf/license/
    Source: 3OQL58yflv.exe, 00000001.00000002.2936020627.00007FFDFB5F3000.00000002.00000001.01000000.00000005.sdmp, python312.dll.0.drString found in binary or memory: https://www.python.org/psf/license/)

    System Summary

    Source: 00000001.00000002.2934511808.00000225EDFB0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: Identifies the 64 bit API hashing function used by Metasploit. This has been re-used by many other malware families. Author: unknown
    Source: 00000001.00000002.2934511808.00000225EDFB0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Metasploit_91bc5d7d Author: unknown
    Source: 00000001.00000002.2933864941.00000225ED810000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: Identifies the 64 bit API hashing function used by Metasploit. This has been re-used by many other malware families. Author: unknown
    Source: 00000001.00000002.2933864941.00000225ED810000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Metasploit_91bc5d7d Author: unknown
    Source: 00000001.00000002.2933458373.00000225ED568000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY Matched rule: Identifies the 64 bit API hashing function used by Metasploit. This has been re-used by many other malware families. Author: unknown
    Source: 00000001.00000002.2933458373.00000225ED568000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Metasploit_91bc5d7d Author: unknown
    Source: C:\Users\user\Desktop\3OQL58yflv.exeCode function: 1_2_00007FFE10301E90 PyList_New,GetActiveProcessorCount,PyErr_SetFromWindowsErr,_Py_Dealloc,free,__acrt_iob_func,fprintf,__acrt_iob_func,fprintf,__acrt_iob_func,fprintf,PyExc_RuntimeError,PyErr_SetString,malloc,PyErr_NoMemory,NtQuerySystemInformation,Py_BuildValue,PyList_Append,_Py_Dealloc,free,_Py_Dealloc,1_2_00007FFE10301E90
    Source: C:\Users\user\Desktop\3OQL58yflv.exeCode function: 1_2_00007FFE10304A70 PyArg_ParseTuple,OpenProcess,GetLastError,GetProcessHeap,HeapAlloc,NtQueryVirtualMemory,GetProcessHeap,HeapFree,GetProcessHeap,HeapAlloc,NtQueryVirtualMemory,PyExc_RuntimeError,PyErr_SetString,CloseHandle,PyErr_Clear,GetProcessHeap,HeapFree,CloseHandle,GetProcessHeap,HeapFree,CloseHandle,Py_BuildValue,PyErr_NoMemory,CloseHandle,1_2_00007FFE10304A70
    Source: C:\Users\user\Desktop\3OQL58yflv.exeCode function: 1_2_00007FFE10306250 GetProcessHeap,HeapAlloc,GetFileType,SetLastError,NtQueryObject,GetProcessHeap,HeapFree,GetProcessHeap,HeapAlloc,PyErr_NoMemory,GetProcessHeap,HeapFree,1_2_00007FFE10306250
    Source: C:\Users\user\Desktop\3OQL58yflv.exeCode function: 1_2_00007FFE10306E40 PyExc_RuntimeError,PyErr_SetString,OpenProcess,GetLastError,NtQueryInformationProcess,CloseHandle,CloseHandle,calloc,PyErr_NoMemory,CloseHandle,NtQueryInformationProcess,calloc,PyErr_NoMemory,free,CloseHandle,wcscpy_s,free,CloseHandle,1_2_00007FFE10306E40
    Source: C:\Users\user\Desktop\3OQL58yflv.exeCode function: 1_2_00007FFE10306AA0 OpenProcess,GetLastError,NtQueryInformationProcess,RtlNtStatusToDosErrorNoTeb,PyErr_SetFromWindowsErrWithFilename,CloseHandle,ReadProcessMemory,GetLastError,CloseHandle,ReadProcessMemory,NtQueryInformationProcess,CloseHandle,ReadProcessMemory,ReadProcessMemory,VirtualQueryEx,GetLastError,PyErr_SetFromWindowsErrWithFilename,CloseHandle,calloc,PyErr_NoMemory,CloseHandle,ReadProcessMemory,GetLastError,CloseHandle,free,CloseHandle,1_2_00007FFE10306AA0
    Source: C:\Users\user\Desktop\3OQL58yflv.exeCode function: 1_2_00007FFE10302480 GetActiveProcessorCount,PyErr_SetFromWindowsErr,__acrt_iob_func,fprintf,__acrt_iob_func,fprintf,__acrt_iob_func,fprintf,PyExc_RuntimeError,PyErr_SetString,malloc,PyErr_NoMemory,NtQuerySystemInformation,free,malloc,PyErr_NoMemory,NtQuerySystemInformation,malloc,PyErr_NoMemory,NtQuerySystemInformation,free,free,free,free,free,Py_BuildValue,1_2_00007FFE10302480
    Source: C:\Users\user\Desktop\3OQL58yflv.exeCode function: 1_2_00007FFE10304680 PyArg_ParseTuple,GetProcessHeap,HeapAlloc,NtQuerySystemInformation,GetProcessHeap,HeapFree,GetProcessHeap,HeapAlloc,NtQuerySystemInformation,GetProcessHeap,HeapFree,GetProcessHeap,HeapAlloc,NtQuerySystemInformation,GetProcessHeap,HeapFree,Py_BuildValue,PyUnicode_FromWideChar,GetProcessHeap,HeapFree,PyErr_NoMemory,1_2_00007FFE10304680
    Source: C:\Users\user\Desktop\3OQL58yflv.exeCode function: 1_2_00007FFE103073F0 malloc,NtQuerySystemInformation,free,malloc,PyErr_NoMemory,free,free,1_2_00007FFE103073F0
    Source: C:\Users\user\Desktop\3OQL58yflv.exeCode function: 1_2_00007FFE10305720 PyArg_ParseTuple,OpenProcess,GetLastError,NtQueryInformationProcess,CloseHandle,Py_BuildValue,1_2_00007FFE10305720
    Source: C:\Users\user\Desktop\3OQL58yflv.exeCode function: 1_2_00007FFE10305810 PyArg_ParseTuple,OpenProcess,GetLastError,NtSetInformationProcess,CloseHandle,_Py_NoneStruct,_Py_NoneStruct,1_2_00007FFE10305810
    Source: C:\Users\user\Desktop\3OQL58yflv.exeCode function: 1_2_00007FFE10304D00 PyArg_ParseTuple,OpenProcess,GetLastError,PyObject_IsTrue,NtSuspendProcess,NtResumeProcess,CloseHandle,_Py_NoneStruct,_Py_NoneStruct,1_2_00007FFE10304D00
    Source: C:\Users\user\Desktop\3OQL58yflv.exeCode function: 1_2_00007FFE10306600 PyList_New,EnterCriticalSection,GetProcessHeap,HeapAlloc,PyErr_NoMemory,_Py_Dealloc,NtQuerySystemInformation,GetProcessHeap,HeapFree,GetProcessHeap,HeapAlloc,NtQuerySystemInformation,GetProcessHeap,HeapFree,PyExc_RuntimeError,PyErr_SetString,GetCurrentProcess,DuplicateHandle,PyUnicode_FromWideChar,PyList_Append,_Py_Dealloc,GetProcessHeap,HeapFree,CloseHandle,CloseHandle,GetProcessHeap,HeapFree,_Py_Dealloc,GetProcessHeap,HeapFree,LeaveCriticalSection,1_2_00007FFE10306600
    Source: C:\Users\user\Desktop\3OQL58yflv.exeCode function: 1_2_00007FFE10302B00: PyDict_New,swprintf_s,CreateFileA,DeviceIoControl,GetLastError,DeviceIoControl,swprintf_s,Py_BuildValue,PyDict_SetItemString,_Py_Dealloc,CloseHandle,GetLastError,__acrt_iob_func,fprintf,__acrt_iob_func,fprintf,__acrt_iob_func,fprintf,GetLastError,__acrt_iob_func,fprintf,__acrt_iob_func,PyErr_SetFromWindowsErr,_Py_Dealloc,_Py_Dealloc,CloseHandle,1_2_00007FFE10302B00
    Source: C:\Users\user\Desktop\3OQL58yflv.exeCode function: String function: 00007FFE10301070 appears 43 times
    Source: C:\Users\user\Desktop\3OQL58yflv.exeCode function: String function: 00007FFE10301D70 appears 39 times
    Source: C:\Users\user\Desktop\3OQL58yflv.exeCode function: String function: 00007FF6E3772B30 appears 47 times
    Source: unicodedata.pyd.0.drStatic PE information: Resource name: RT_VERSION type: COM executable for DOS
    Source: api-ms-win-core-processenvironment-l1-1-0.dll.0.drStatic PE information: No import functions for PE file found
    Source: api-ms-win-core-interlocked-l1-1-0.dll.0.drStatic PE information: No import functions for PE file found
    Source: api-ms-win-core-util-l1-1-0.dll.0.drStatic PE information: No import functions for PE file found
    Source: api-ms-win-core-console-l1-1-0.dll.0.drStatic PE information: No import functions for PE file found
    Source: api-ms-win-crt-process-l1-1-0.dll.0.drStatic PE information: No import functions for PE file found
    Source: api-ms-win-core-synch-l1-1-0.dll.0.drStatic PE information: No import functions for PE file found
    Source: api-ms-win-core-timezone-l1-1-0.dll.0.drStatic PE information: No import functions for PE file found
    Source: api-ms-win-core-file-l2-1-0.dll.0.drStatic PE information: No import functions for PE file found
    Source: api-ms-win-core-debug-l1-1-0.dll.0.drStatic PE information: No import functions for PE file found
    Source: api-ms-win-core-string-l1-1-0.dll.0.drStatic PE information: No import functions for PE file found
    Source: api-ms-win-core-profile-l1-1-0.dll.0.drStatic PE information: No import functions for PE file found
    Source: api-ms-win-core-localization-l1-2-0.dll.0.drStatic PE information: No import functions for PE file found
    Source: api-ms-win-core-datetime-l1-1-0.dll.0.drStatic PE information: No import functions for PE file found
    Source: api-ms-win-crt-math-l1-1-0.dll.0.drStatic PE information: No import functions for PE file found
    Source: api-ms-win-crt-time-l1-1-0.dll.0.drStatic PE information: No import functions for PE file found
    Source: api-ms-win-crt-locale-l1-1-0.dll.0.drStatic PE information: No import functions for PE file found
    Source: api-ms-win-core-namedpipe-l1-1-0.dll.0.drStatic PE information: No import functions for PE file found
    Source: api-ms-win-core-file-l1-1-0.dll.0.drStatic PE information: No import functions for PE file found
    Source: api-ms-win-core-file-l1-2-0.dll.0.drStatic PE information: No import functions for PE file found
    Source: api-ms-win-core-sysinfo-l1-1-0.dll.0.drStatic PE information: No import functions for PE file found
    Source: api-ms-win-core-libraryloader-l1-1-0.dll.0.drStatic PE information: No import functions for PE file found
    Source: python3.dll.0.drStatic PE information: No import functions for PE file found
    Source: api-ms-win-core-heap-l1-1-0.dll.0.drStatic PE information: No import functions for PE file found
    Source: api-ms-win-crt-environment-l1-1-0.dll.0.drStatic PE information: No import functions for PE file found
    Source: api-ms-win-crt-stdio-l1-1-0.dll.0.drStatic PE information: No import functions for PE file found
    Source: api-ms-win-core-processthreads-l1-1-0.dll.0.drStatic PE information: No import functions for PE file found
    Source: api-ms-win-core-errorhandling-l1-1-0.dll.0.drStatic PE information: No import functions for PE file found
    Source: api-ms-win-core-handle-l1-1-0.dll.0.drStatic PE information: No import functions for PE file found
    Source: api-ms-win-core-synch-l1-2-0.dll.0.drStatic PE information: No import functions for PE file found
    Source: api-ms-win-core-processthreads-l1-1-1.dll.0.drStatic PE information: No import functions for PE file found
    Source: api-ms-win-crt-utility-l1-1-0.dll.0.drStatic PE information: No import functions for PE file found
    Source: api-ms-win-crt-filesystem-l1-1-0.dll.0.drStatic PE information: No import functions for PE file found
    Source: api-ms-win-core-rtlsupport-l1-1-0.dll.0.drStatic PE information: No import functions for PE file found
    Source: api-ms-win-crt-conio-l1-1-0.dll.0.drStatic PE information: No import functions for PE file found
    Source: api-ms-win-crt-heap-l1-1-0.dll.0.drStatic PE information: No import functions for PE file found
    Source: api-ms-win-crt-convert-l1-1-0.dll.0.drStatic PE information: No import functions for PE file found
    Source: api-ms-win-crt-runtime-l1-1-0.dll.0.drStatic PE information: No import functions for PE file found
    Source: api-ms-win-crt-string-l1-1-0.dll.0.drStatic PE information: No import functions for PE file found
    Source: api-ms-win-core-memory-l1-1-0.dll.0.drStatic PE information: No import functions for PE file found
    Source: 3OQL58yflv.exe, 00000000.00000003.1683032791.000002C5B137E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs 3OQL58yflv.exe
    Source: 3OQL58yflv.exe, 00000000.00000003.1682887726.000002C5B137E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs 3OQL58yflv.exe
    Source: 3OQL58yflv.exe, 00000000.00000003.1689563389.000002C5B137E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamepyexpat.pyd. vs 3OQL58yflv.exe
    Source: 3OQL58yflv.exe, 00000000.00000003.1685334865.000002C5B137E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs 3OQL58yflv.exe
    Source: 3OQL58yflv.exe, 00000000.00000003.1685933492.000002C5B137E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs 3OQL58yflv.exe
    Source: 3OQL58yflv.exe, 00000000.00000003.1680057346.000002C5B137E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamevcruntime140.dllT vs 3OQL58yflv.exe
    Source: 3OQL58yflv.exe, 00000000.00000003.1681536854.000002C5B137E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_multiprocessing.pyd. vs 3OQL58yflv.exe
    Source: 3OQL58yflv.exe, 00000000.00000003.1682580120.000002C5B137E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs 3OQL58yflv.exe
    Source: 3OQL58yflv.exe, 00000000.00000003.1684849273.000002C5B137E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs 3OQL58yflv.exe
    Source: 3OQL58yflv.exe, 00000000.00000003.1685143237.000002C5B137E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs 3OQL58yflv.exe
    Source: 3OQL58yflv.exe, 00000000.00000003.1686295316.000002C5B137E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs 3OQL58yflv.exe
    Source: 3OQL58yflv.exe, 00000000.00000003.1681694406.000002C5B137E000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilename_queue.pyd. vs 3OQL58yflv.exe
    Source: 3OQL58yflv.exe, 00000000.00000003.1686006892.000002C5B137E000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs 3OQL58yflv.exe
    Source: 3OQL58yflv.exe, 00000000.00000003.1683862948.000002C5B137E000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs 3OQL58yflv.exe
    Source: 3OQL58yflv.exe, 00000000.00000003.1682126183.000002C5B137E000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilename_ssl.pyd. vs 3OQL58yflv.exe
    Source: 3OQL58yflv.exe, 00000000.00000003.1683590185.000002C5B137E000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs 3OQL58yflv.exe
    Source: 3OQL58yflv.exe, 00000000.00000003.1680323317.000002C5B137E000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilename_ctypes.pyd. vs 3OQL58yflv.exe
    Source: 3OQL58yflv.exe, 00000000.00000003.1682958033.000002C5B137E000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs 3OQL58yflv.exe
    Source: 3OQL58yflv.exe, 00000000.00000003.1685749217.000002C5B137E000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs 3OQL58yflv.exe
    Source: 3OQL58yflv.exe, 00000000.00000003.1686189826.000002C5B137E000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs 3OQL58yflv.exe
    Source: 3OQL58yflv.exe, 00000000.00000003.1693570804.000002C5B137E000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameunicodedata.pyd. vs 3OQL58yflv.exe
    Source: 3OQL58yflv.exe, 00000000.00000003.1683186995.000002C5B137E000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs 3OQL58yflv.exe
    Source: 3OQL58yflv.exe, 00000000.00000003.1682771950.000002C5B137E000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs 3OQL58yflv.exe
    Source: 3OQL58yflv.exe, 00000000.00000003.1685560720.000002C5B137E000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs 3OQL58yflv.exe
    Source: 3OQL58yflv.exe, 00000000.00000003.1683259370.000002C5B137E000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs 3OQL58yflv.exe
    Source: 3OQL58yflv.exe, 00000000.00000003.1683702539.000002C5B137E000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs 3OQL58yflv.exe
    Source: 3OQL58yflv.exe, 00000000.00000003.1680766930.000002C5B137E000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilename_hashlib.pyd. vs 3OQL58yflv.exe
    Source: 3OQL58yflv.exe, 00000000.00000003.1683980243.000002C5B137E000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs 3OQL58yflv.exe
    Source: 3OQL58yflv.exe, 00000000.00000003.1682389062.000002C5B137E000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs 3OQL58yflv.exe
    Source: 3OQL58yflv.exe, 00000000.00000003.1684968920.000002C5B137E000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs 3OQL58yflv.exe
    Source: 3OQL58yflv.exe, 00000000.00000003.1692825548.000002C5B137E000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameselect.pyd. vs 3OQL58yflv.exe
    Source: 3OQL58yflv.exe, 00000000.00000003.1682504937.000002C5B137E000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs 3OQL58yflv.exe
    Source: 3OQL58yflv.exe, 00000000.00000003.1685220203.000002C5B137E000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs 3OQL58yflv.exe
    Source: 3OQL58yflv.exe, 00000000.00000003.1684084374.000002C5B137E000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs 3OQL58yflv.exe
    Source: 3OQL58yflv.exe, 00000000.00000003.1686079093.000002C5B137E000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs 3OQL58yflv.exe
    Source: 3OQL58yflv.exe, 00000000.00000003.1682696579.000002C5B137E000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs 3OQL58yflv.exe
    Source: 3OQL58yflv.exe, 00000000.00000003.1683784354.000002C5B137E000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs 3OQL58yflv.exe
    Source: 3OQL58yflv.exe, 00000000.00000003.1685040237.000002C5B137E000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs 3OQL58yflv.exe
    Source: 3OQL58yflv.exe, 00000000.00000003.1683331738.000002C5B137E000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs 3OQL58yflv.exe
    Source: 3OQL58yflv.exe, 00000000.00000003.1684460676.000002C5B137E000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs 3OQL58yflv.exe
    Source: 3OQL58yflv.exe, 00000000.00000003.1680501853.000002C5B137E000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilename_decimal.pyd. vs 3OQL58yflv.exe
    Source: 3OQL58yflv.exe, 00000000.00000003.1688679282.000002C5B137E000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenamelibsslH vs 3OQL58yflv.exe
    Source: 3OQL58yflv.exe, 00000000.00000003.1684537254.000002C5B137E000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs 3OQL58yflv.exe
    Source: 3OQL58yflv.exe, 00000000.00000003.1683446448.000002C5B137E000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs 3OQL58yflv.exe
    Source: 3OQL58yflv.exe, 00000000.00000003.1684691070.000002C5B137E000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs 3OQL58yflv.exe
    Source: 3OQL58yflv.exe, 00000000.00000003.1689711480.000002C5B137E000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenamepython3.dll. vs 3OQL58yflv.exe
    Source: 3OQL58yflv.exe, 00000000.00000003.1680186279.000002C5B137E000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilename_bz2.pyd. vs 3OQL58yflv.exe
    Source: 3OQL58yflv.exe, 00000000.00000003.1682274213.000002C5B137E000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilename_wmi.pyd. vs 3OQL58yflv.exe
    Source: 3OQL58yflv.exe, 00000000.00000003.1683521043.000002C5B137E000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs 3OQL58yflv.exe
    Source: 3OQL58yflv.exe, 00000000.00000003.1693113756.000002C5B137E000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameucrtbase.dllj% vs 3OQL58yflv.exe
    Source: 3OQL58yflv.exe, 00000000.00000003.1685493954.000002C5B137E000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs 3OQL58yflv.exe
    Source: 3OQL58yflv.exe, 00000000.00000003.1685823423.000002C5B137E000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs 3OQL58yflv.exe
    Source: 3OQL58yflv.exe, 00000000.00000003.1685684873.000002C5B137E000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs 3OQL58yflv.exe
    Source: 3OQL58yflv.exe, 00000000.00000003.1681792361.000002C5B137E000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilename_socket.pyd. vs 3OQL58yflv.exe
    Source: 3OQL58yflv.exe, 00000000.00000003.1681422874.000002C5B137E000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilename_lzma.pyd. vs 3OQL58yflv.exe
    Source: 3OQL58yflv.exe Binary or memory string: OriginalFilename vs 3OQL58yflv.exe
    Source: 3OQL58yflv.exe, 00000001.00000002.2938345495.00007FFE11EE2000.00000002.00000001.01000000.0000000A.sdmp Binary or memory string: OriginalFilename_bz2.pyd. vs 3OQL58yflv.exe
    Source: 3OQL58yflv.exe, 00000001.00000002.2935701808.00007FFDFB1E4000.00000002.00000001.01000000.0000000F.sdmp Binary or memory string: OriginalFilenameunicodedata.pyd. vs 3OQL58yflv.exe
    Source: 3OQL58yflv.exe, 00000001.00000002.2938646123.00007FFE13306000.00000002.00000001.01000000.0000000D.sdmp Binary or memory string: OriginalFilenameselect.pyd. vs 3OQL58yflv.exe
    Source: 3OQL58yflv.exe, 00000001.00000002.2938732915.00007FFE1334E000.00000002.00000001.01000000.00000008.sdmp Binary or memory string: OriginalFilename_ctypes.pyd. vs 3OQL58yflv.exe
    Source: 3OQL58yflv.exe, 00000001.00000002.2938262044.00007FFE11EC5000.00000002.00000001.01000000.0000000B.sdmp Binary or memory string: OriginalFilename_lzma.pyd. vs 3OQL58yflv.exe
    Source: 3OQL58yflv.exe, 00000001.00000002.2938023263.00007FFE11523000.00000002.00000001.01000000.0000000C.sdmp Binary or memory string: OriginalFilename_socket.pyd. vs 3OQL58yflv.exe
    Source: 3OQL58yflv.exe, 00000001.00000002.2936565159.00007FFDFB894000.00000002.00000001.01000000.00000005.sdmp Binary or memory string: OriginalFilenamepython312.dll. vs 3OQL58yflv.exe
    Source: 3OQL58yflv.exe, 00000001.00000002.2938561193.00007FFE130C7000.00000002.00000001.01000000.00000012.sdmp Binary or memory string: OriginalFilename_wmi.pyd. vs 3OQL58yflv.exe
    Source: 3OQL58yflv.exe, 00000001.00000002.2932965280.00000225EB5D0000.00000002.00000001.01000000.00000007.sdmp Binary or memory string: OriginalFilenamepython3.dll. vs 3OQL58yflv.exe
    Source: 3OQL58yflv.exe, 00000001.00000002.2937648359.00007FFE1025E000.00000002.00000001.01000000.00000010.sdmp Binary or memory string: OriginalFilename_hashlib.pyd. vs 3OQL58yflv.exe
    Source: 3OQL58yflv.exe, 00000001.00000002.2936696034.00007FFE01472000.00000002.00000001.01000000.00000004.sdmp Binary or memory string: OriginalFilenameucrtbase.dllj% vs 3OQL58yflv.exe
    Source: 3OQL58yflv.exe, 00000001.00000002.2935326347.00007FFDFB0B3000.00000002.00000001.01000000.00000011.sdmp Binary or memory string: OriginalFilenamelibcryptoH vs 3OQL58yflv.exe
    Source: 3OQL58yflv.exe, 00000001.00000002.2938904937.00007FFE1A469000.00000002.00000001.01000000.00000006.sdmp Binary or memory string: OriginalFilenamevcruntime140.dllT vs 3OQL58yflv.exe
    Source: 00000001.00000002.2934511808.00000225EDFB0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Metasploit_c9773203 os = windows, severity = x86, description = Identifies the 64 bit API hashing function used by Metasploit. This has been re-used by many other malware families., creation_date = 2021-04-07, scan_context = file, memory, reference = https://github.com/rapid7/metasploit-framework/blob/04e8752b9b74cbaad7cb0ea6129c90e3172580a2/external/source/shellcode/windows/x64/src/block/block_api.asm, license = Elastic License v2, threat_name = Windows.Trojan.Metasploit, fingerprint = afde93eeb14b4d0c182f475a22430f101394938868741ffa06445e478b6ece36, id = c9773203-6d1e-4246-a1e0-314217e0207a, last_modified = 2021-08-23
    Source: 00000001.00000002.2934511808.00000225EDFB0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Metasploit_91bc5d7d reference_sample = 0dd993ff3917dc56ef02324375165f0d66506c5a9b9548eda57c58e041030987, os = windows, severity = x86, creation_date = 2021-08-02, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Metasploit, fingerprint = 8848a3de66a25dd98278761a7953f31b7995e48621dec258f3d92bd91a4a3aa3, id = 91bc5d7d-31e3-4c02-82b3-a685194981f3, last_modified = 2021-10-04
    Source: 00000001.00000002.2933864941.00000225ED810000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Metasploit_c9773203 os = windows, severity = x86, description = Identifies the 64 bit API hashing function used by Metasploit. This has been re-used by many other malware families., creation_date = 2021-04-07, scan_context = file, memory, reference = https://github.com/rapid7/metasploit-framework/blob/04e8752b9b74cbaad7cb0ea6129c90e3172580a2/external/source/shellcode/windows/x64/src/block/block_api.asm, license = Elastic License v2, threat_name = Windows.Trojan.Metasploit, fingerprint = afde93eeb14b4d0c182f475a22430f101394938868741ffa06445e478b6ece36, id = c9773203-6d1e-4246-a1e0-314217e0207a, last_modified = 2021-08-23
    Source: 00000001.00000002.2933864941.00000225ED810000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Metasploit_91bc5d7d reference_sample = 0dd993ff3917dc56ef02324375165f0d66506c5a9b9548eda57c58e041030987, os = windows, severity = x86, creation_date = 2021-08-02, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Metasploit, fingerprint = 8848a3de66a25dd98278761a7953f31b7995e48621dec258f3d92bd91a4a3aa3, id = 91bc5d7d-31e3-4c02-82b3-a685194981f3, last_modified = 2021-10-04
    Source: 00000001.00000002.2933458373.00000225ED568000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Metasploit_c9773203 os = windows, severity = x86, description = Identifies the 64 bit API hashing function used by Metasploit. This has been re-used by many other malware families., creation_date = 2021-04-07, scan_context = file, memory, reference = https://github.com/rapid7/metasploit-framework/blob/04e8752b9b74cbaad7cb0ea6129c90e3172580a2/external/source/shellcode/windows/x64/src/block/block_api.asm, license = Elastic License v2, threat_name = Windows.Trojan.Metasploit, fingerprint = afde93eeb14b4d0c182f475a22430f101394938868741ffa06445e478b6ece36, id = c9773203-6d1e-4246-a1e0-314217e0207a, last_modified = 2021-08-23
    Source: 00000001.00000002.2933458373.00000225ED568000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Metasploit_91bc5d7d reference_sample = 0dd993ff3917dc56ef02324375165f0d66506c5a9b9548eda57c58e041030987, os = windows, severity = x86, creation_date = 2021-08-02, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Metasploit, fingerprint = 8848a3de66a25dd98278761a7953f31b7995e48621dec258f3d92bd91a4a3aa3, id = 91bc5d7d-31e3-4c02-82b3-a685194981f3, last_modified = 2021-10-04
    Source: classification engine Classification label: mal80.troj.winEXE@3/102@0/1
    Source: C:\Users\user\Desktop\3OQL58yflv.exe Code function: 0_2_00007FF6E3778560 GetLastError,FormatMessageW,WideCharToMultiByte,0_2_00007FF6E3778560
    Source: C:\Users\user\Desktop\3OQL58yflv.exe Code function: 1_2_00007FFE10307DB0 GetCurrentProcess,OpenProcessToken,GetLastError,ImpersonateSelf,OpenProcessToken,GetLastError,PyErr_SetFromWindowsErrWithFilename,LookupPrivilegeValueA,GetLastError,PyErr_SetFromWindowsErrWithFilename,AdjustTokenPrivileges,GetLastError,PyErr_SetFromWindowsErrWithFilename,AdjustTokenPrivileges,RevertToSelf,CloseHandle,1_2_00007FFE10307DB0
    Source: C:\Users\user\Desktop\3OQL58yflv.exe Code function: 1_2_00007FFE10302A30 PyArg_ParseTuple,PyUnicode_AsWideCharString,PyEval_SaveThread,GetDiskFreeSpaceExW,PyEval_RestoreThread,PyMem_Free,PyExc_OSError,PyErr_SetExcFromWindowsErrWithFilenameObject,Py_BuildValue,1_2_00007FFE10302A30
    Source: C:\Users\user\Desktop\3OQL58yflv.exe Code function: 1_2_00007FFE10304DF0 PyList_New,PyArg_ParseTuple,CreateToolhelp32Snapshot,_Py_Dealloc,CloseHandle,CloseHandle,Thread32First,OpenThread,GetThreadTimes,Py_BuildValue,PyList_Append,_Py_Dealloc,CloseHandle,Thread32Next,CloseHandle,_Py_Dealloc,1_2_00007FFE10304DF0
    Source: C:\Users\user\Desktop\3OQL58yflv.exe Code function: 1_2_00007FFE10308AA0 PyArg_ParseTuple,StartServiceA,CloseServiceHandle,CloseServiceHandle,_Py_NoneStruct,_Py_NoneStruct,1_2_00007FFE10308AA0
    Source: C:\Users\user\Desktop\3OQL58yflv.exe File created: C:\Users\user\AppData\Local\Temp\_MEI63002
    Source: 3OQL58yflv.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
    Source: C:\Users\user\Desktop\3OQL58yflv.exe Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
    Source: 3OQL58yflv.exe Virustotal: Detection: 16%
    Source: C:\Users\user\Desktop\3OQL58yflv.exe File read: C:\Users\user\Desktop\3OQL58yflv.exe
    Source: unknown Process created: C:\Users\user\Desktop\3OQL58yflv.exe "C:\Users\user\Desktop\3OQL58yflv.exe"
    Source: C:\Users\user\Desktop\3OQL58yflv.exe Process created: C:\Users\user\Desktop\3OQL58yflv.exe "C:\Users\user\Desktop\3OQL58yflv.exe"
    Source: C:\Users\user\Desktop\3OQL58yflv.exe Section loaded: version.dll
    Source: C:\Users\user\Desktop\3OQL58yflv.exe Section loaded: vcruntime140.dll
    Source: C:\Users\user\Desktop\3OQL58yflv.exe Section loaded: libffi-8.dll
    Source: C:\Users\user\Desktop\3OQL58yflv.exe Section loaded: iphlpapi.dll
    Source: C:\Users\user\Desktop\3OQL58yflv.exe Section loaded: powrprof.dll
    Source: C:\Users\user\Desktop\3OQL58yflv.exe Section loaded: pdh.dll
    Source: C:\Users\user\Desktop\3OQL58yflv.exe Section loaded: umpdc.dll
    Source: C:\Users\user\Desktop\3OQL58yflv.exe Section loaded: wtsapi32.dll
    Source: C:\Users\user\Desktop\3OQL58yflv.exe Section loaded: libcrypto-3.dll
    Source: C:\Users\user\Desktop\3OQL58yflv.exe Section loaded: propsys.dll
    Source: C:\Users\user\Desktop\3OQL58yflv.exe Section loaded: mswsock.dll
    Source: 3OQL58yflv.exe Static PE information: Image base 0x140000000 > 0x60000000
    Source: 3OQL58yflv.exe Static file information: File size 10580892 > 1048576
    Source: 3OQL58yflv.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
    Source: 3OQL58yflv.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
    Source: 3OQL58yflv.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
    Source: 3OQL58yflv.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
    Source: 3OQL58yflv.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
    Source: 3OQL58yflv.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
    Source: 3OQL58yflv.exe Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
    Source: Binary string: api-ms-win-crt-locale-l1-1-0.pdb source: 3OQL58yflv.exe, 00000000.00000003.1685684873.000002C5B137E000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-locale-l1-1-0.dll.0.dr
    Source: Binary string: api-ms-win-crt-runtime-l1-1-0.pdb source: 3OQL58yflv.exe, 00000000.00000003.1685933492.000002C5B137E000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-runtime-l1-1-0.dll.0.dr
    Source: Binary string: api-ms-win-core-file-l1-2-0.pdb source: 3OQL58yflv.exe, 00000000.00000003.1682887726.000002C5B137E000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-file-l1-2-0.dll.0.dr
    Source: Binary string: ucrtbase.pdb source: 3OQL58yflv.exe, 00000001.00000002.2936654293.00007FFE01435000.00000002.00000001.01000000.00000004.sdmp, ucrtbase.dll.0.dr
    Source: Binary string: api-ms-win-core-memory-l1-1-0.pdb source: 3OQL58yflv.exe, 00000000.00000003.1683521043.000002C5B137E000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: D:\a\1\b\bin\amd64\_decimal.pdb source: _decimal.pyd.0.dr
    Source: Binary string: api-ms-win-core-debug-l1-1-0.pdb source: 3OQL58yflv.exe, 00000000.00000003.1682580120.000002C5B137E000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: compiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC source: 3OQL58yflv.exe, 00000001.00000002.2935012657.00007FFDFAF72000.00000002.00000001.01000000.00000011.sdmp, libcrypto-3.dll.0.dr
    Source: Binary string: api-ms-win-core-sysinfo-l1-1-0.pdb source: 3OQL58yflv.exe, 00000000.00000003.1684849273.000002C5B137E000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-sysinfo-l1-1-0.dll.0.dr
    Source: Binary string: api-ms-win-crt-filesystem-l1-1-0.pdb source: 3OQL58yflv.exe, 00000000.00000003.1685493954.000002C5B137E000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-filesystem-l1-1-0.dll.0.dr
    Source: Binary string: api-ms-win-crt-stdio-l1-1-0.pdb source: 3OQL58yflv.exe, 00000000.00000003.1686006892.000002C5B137E000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-stdio-l1-1-0.dll.0.dr
    Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdbGCTL source: 3OQL58yflv.exe, 00000000.00000003.1680057346.000002C5B137E000.00000004.00000020.00020000.00000000.sdmp, 3OQL58yflv.exe, 00000001.00000002.2938872035.00007FFE1A463000.00000002.00000001.01000000.00000006.sdmp, VCRUNTIME140.dll.0.dr
    Source: Binary string: D:\a\1\b\bin\amd64\_multiprocessing.pdb source: 3OQL58yflv.exe, 00000000.00000003.1681536854.000002C5B137E000.00000004.00000020.00020000.00000000.sdmp, _multiprocessing.pyd.0.dr
    Source: Binary string: api-ms-win-core-heap-l1-1-0.pdb source: 3OQL58yflv.exe, 00000000.00000003.1683186995.000002C5B137E000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-heap-l1-1-0.dll.0.dr
    Source: Binary string: api-ms-win-core-util-l1-1-0.pdb source: 3OQL58yflv.exe, 00000000.00000003.1685040237.000002C5B137E000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-util-l1-1-0.dll.0.dr
    Source: Binary string: api-ms-win-core-synch-l1-1-0.pdb source: 3OQL58yflv.exe, 00000000.00000003.1684537254.000002C5B137E000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-synch-l1-1-0.dll.0.dr
    Source: Binary string: api-ms-win-crt-environment-l1-1-0.pdb source: 3OQL58yflv.exe, 00000000.00000003.1685334865.000002C5B137E000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: D:\a\1\b\bin\amd64\_ctypes.pdb source: 3OQL58yflv.exe, 00000001.00000002.2938699098.00007FFE13341000.00000002.00000001.01000000.00000008.sdmp, _ctypes.pyd.0.dr
    Source: Binary string: api-ms-win-core-errorhandling-l1-1-0.pdb source: 3OQL58yflv.exe, 00000000.00000003.1682696579.000002C5B137E000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-errorhandling-l1-1-0.dll.0.dr
    Source: Binary string: D:\a\1\b\bin\amd64\_hashlib.pdb source: 3OQL58yflv.exe, 00000000.00000003.1680766930.000002C5B137E000.00000004.00000020.00020000.00000000.sdmp, 3OQL58yflv.exe, 00000001.00000002.2937619663.00007FFE10257000.00000002.00000001.01000000.00000010.sdmp, _hashlib.pyd.0.dr
    Source: Binary string: D:\a\1\b\bin\amd64\_decimal.pdb$$ source: _decimal.pyd.0.dr
    Source: Binary string: api-ms-win-core-processthreads-l1-1-0.pdb source: 3OQL58yflv.exe, 00000000.00000003.1683784354.000002C5B137E000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-processthreads-l1-1-0.dll.0.dr
    Source: Binary string: api-ms-win-core-console-l1-1-0.pdb source: 3OQL58yflv.exe, 00000000.00000003.1682389062.000002C5B137E000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-console-l1-1-0.dll.0.dr
    Source: Binary string: api-ms-win-core-file-l1-1-0.pdb source: 3OQL58yflv.exe, 00000000.00000003.1682771950.000002C5B137E000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-file-l1-1-0.dll.0.dr
    Source: Binary string: api-ms-win-crt-convert-l1-1-0.pdb source: 3OQL58yflv.exe, 00000000.00000003.1685220203.000002C5B137E000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-convert-l1-1-0.dll.0.dr
    Source: Binary string: D:\a\1\b\bin\amd64\pyexpat.pdb source: pyexpat.pyd.0.dr
    Source: Binary string: D:\a\1\b\bin\amd64\_lzma.pdb source: 3OQL58yflv.exe, 00000000.00000003.1681422874.000002C5B137E000.00000004.00000020.00020000.00000000.sdmp, 3OQL58yflv.exe, 00000001.00000002.2938214377.00007FFE11EBC000.00000002.00000001.01000000.0000000B.sdmp, _lzma.pyd.0.dr
    Source: Binary string: D:\a\1\b\bin\amd64\_bz2.pdb source: 3OQL58yflv.exe, 00000000.00000003.1680186279.000002C5B137E000.00000004.00000020.00020000.00000000.sdmp, 3OQL58yflv.exe, 00000001.00000002.2938312798.00007FFE11EDD000.00000002.00000001.01000000.0000000A.sdmp, _bz2.pyd.0.dr
    Source: Binary string: api-ms-win-core-profile-l1-1-0.pdb source: 3OQL58yflv.exe, 00000000.00000003.1683980243.000002C5B137E000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-profile-l1-1-0.dll.0.dr
    Source: Binary string: ucrtbase.pdbUGP source: 3OQL58yflv.exe, 00000001.00000002.2936654293.00007FFE01435000.00000002.00000001.01000000.00000004.sdmp, ucrtbase.dll.0.dr
    Source: Binary string: D:\a\1\b\bin\amd64\_socket.pdb source: 3OQL58yflv.exe, 00000000.00000003.1681792361.000002C5B137E000.00000004.00000020.00020000.00000000.sdmp, 3OQL58yflv.exe, 00000001.00000002.2937979185.00007FFE11519000.00000002.00000001.01000000.0000000C.sdmp, _socket.pyd.0.dr
    Source: Binary string: api-ms-win-crt-time-l1-1-0.pdb source: 3OQL58yflv.exe, 00000000.00000003.1686189826.000002C5B137E000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-time-l1-1-0.dll.0.dr
    Source: Binary string: D:\a\1\b\bin\amd64\python312.pdb source: 3OQL58yflv.exe, 00000001.00000002.2936020627.00007FFDFB5F3000.00000002.00000001.01000000.00000005.sdmp, python312.dll.0.dr
    Source: Binary string: api-ms-win-core-handle-l1-1-0.pdb source: 3OQL58yflv.exe, 00000000.00000003.1683032791.000002C5B137E000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-handle-l1-1-0.dll.0.dr
    Source: Binary string: D:\a\1\b\bin\amd64\unicodedata.pdb source: 3OQL58yflv.exe, 00000000.00000003.1693570804.000002C5B137E000.00000004.00000020.00020000.00000000.sdmp, 3OQL58yflv.exe, 00000001.00000002.2935427863.00007FFDFB1DF000.00000002.00000001.01000000.0000000F.sdmp
    Source: Binary string: D:\a\1\b\libcrypto-3.pdb| source: libcrypto-3.dll.0.dr
    Source: Binary string: api-ms-win-core-synch-l1-2-0.pdb source: 3OQL58yflv.exe, 00000000.00000003.1684691070.000002C5B137E000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-synch-l1-2-0.dll.0.dr
    Source: Binary string: api-ms-win-core-processenvironment-l1-1-0.pdb source: 3OQL58yflv.exe, 00000000.00000003.1683702539.000002C5B137E000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: api-ms-win-core-datetime-l1-1-0.pdb source: 3OQL58yflv.exe, 00000000.00000003.1682504937.000002C5B137E000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-datetime-l1-1-0.dll.0.dr
    Source: Binary string: api-ms-win-crt-conio-l1-1-0.pdb source: 3OQL58yflv.exe, 00000000.00000003.1685143237.000002C5B137E000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-conio-l1-1-0.dll.0.dr
    Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdb source: 3OQL58yflv.exe, 00000000.00000003.1680057346.000002C5B137E000.00000004.00000020.00020000.00000000.sdmp, 3OQL58yflv.exe, 00000001.00000002.2938872035.00007FFE1A463000.00000002.00000001.01000000.00000006.sdmp, VCRUNTIME140.dll.0.dr
    Source: Binary string: api-ms-win-crt-math-l1-1-0.pdb source: 3OQL58yflv.exe, 00000000.00000003.1685749217.000002C5B137E000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-math-l1-1-0.dll.0.dr
    Source: Binary string: api-ms-win-core-localization-l1-2-0.pdb source: 3OQL58yflv.exe, 00000000.00000003.1683446448.000002C5B137E000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-localization-l1-2-0.dll.0.dr
    Source: Binary string: D:\a\1\b\libcrypto-3.pdb source: libcrypto-3.dll.0.dr
    Source: Binary string: api-ms-win-core-processthreads-l1-1-1.pdb source: 3OQL58yflv.exe, 00000000.00000003.1683862948.000002C5B137E000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-processthreads-l1-1-1.dll.0.dr
    Source: Binary string: D:\a\1\b\bin\amd64\select.pdb source: 3OQL58yflv.exe, 00000000.00000003.1692825548.000002C5B137E000.00000004.00000020.00020000.00000000.sdmp, 3OQL58yflv.exe, 00000001.00000002.2938612939.00007FFE13303000.00000002.00000001.01000000.0000000D.sdmp, select.pyd.0.dr
    Source: Binary string: api-ms-win-core-namedpipe-l1-1-0.pdb source: 3OQL58yflv.exe, 00000000.00000003.1683590185.000002C5B137E000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-namedpipe-l1-1-0.dll.0.dr
    Source: Binary string: api-ms-win-crt-utility-l1-1-0.pdb source: 3OQL58yflv.exe, 00000000.00000003.1686295316.000002C5B137E000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: api-ms-win-core-rtlsupport-l1-1-0.pdb source: 3OQL58yflv.exe, 00000000.00000003.1684084374.000002C5B137E000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-rtlsupport-l1-1-0.dll.0.dr
    Source: Binary string: api-ms-win-core-timezone-l1-1-0.pdb source: 3OQL58yflv.exe, 00000000.00000003.1684968920.000002C5B137E000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-timezone-l1-1-0.dll.0.dr
    Source: Binary string: api-ms-win-core-string-l1-1-0.pdb source: 3OQL58yflv.exe, 00000000.00000003.1684460676.000002C5B137E000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: api-ms-win-core-file-l2-1-0.pdb source: 3OQL58yflv.exe, 00000000.00000003.1682958033.000002C5B137E000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-file-l2-1-0.dll.0.dr
    Source: Binary string: D:\a\1\b\libssl-3.pdbEE source: libssl-3.dll.0.dr
    Source: Binary string: D:\a\1\b\bin\amd64\_lzma.pdbNN source: 3OQL58yflv.exe, 00000000.00000003.1681422874.000002C5B137E000.00000004.00000020.00020000.00000000.sdmp, 3OQL58yflv.exe, 00000001.00000002.2938214377.00007FFE11EBC000.00000002.00000001.01000000.0000000B.sdmp, _lzma.pyd.0.dr
    Source: Binary string: api-ms-win-crt-process-l1-1-0.pdb source: 3OQL58yflv.exe, 00000000.00000003.1685823423.000002C5B137E000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-process-l1-1-0.dll.0.dr
    Source: Binary string: api-ms-win-core-libraryloader-l1-1-0.pdb source: 3OQL58yflv.exe, 00000000.00000003.1683331738.000002C5B137E000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: D:\a\1\b\bin\amd64\_queue.pdb source: 3OQL58yflv.exe, 00000000.00000003.1681694406.000002C5B137E000.00000004.00000020.00020000.00000000.sdmp, _queue.pyd.0.dr
    Source: Binary string: api-ms-win-core-interlocked-l1-1-0.pdb source: 3OQL58yflv.exe, 00000000.00000003.1683259370.000002C5B137E000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-interlocked-l1-1-0.dll.0.dr
    Source: Binary string: D:\a\1\b\bin\amd64\_wmi.pdb source: 3OQL58yflv.exe, 00000000.00000003.1682274213.000002C5B137E000.00000004.00000020.00020000.00000000.sdmp, 3OQL58yflv.exe, 00000001.00000002.2938526688.00007FFE130C4000.00000002.00000001.01000000.00000012.sdmp, _wmi.pyd.0.dr
    Source: Binary string: D:\a\1\b\bin\amd64\_wmi.pdb''&GCTL source: 3OQL58yflv.exe, 00000000.00000003.1682274213.000002C5B137E000.00000004.00000020.00020000.00000000.sdmp, 3OQL58yflv.exe, 00000001.00000002.2938526688.00007FFE130C4000.00000002.00000001.01000000.00000012.sdmp, _wmi.pyd.0.dr
    Source: Binary string: D:\a\1\b\bin\amd64\python3.pdb source: 3OQL58yflv.exe, 00000000.00000003.1689711480.000002C5B137E000.00000004.00000020.00020000.00000000.sdmp, 3OQL58yflv.exe, 00000001.00000002.2932965280.00000225EB5D0000.00000002.00000001.01000000.00000007.sdmp, python3.dll.0.dr
    Source: Binary string: D:\a\1\b\libssl-3.pdb source: libssl-3.dll.0.dr
    Source: Binary string: api-ms-win-crt-heap-l1-1-0.pdb source: 3OQL58yflv.exe, 00000000.00000003.1685560720.000002C5B137E000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-heap-l1-1-0.dll.0.dr
    Source: Binary string: api-ms-win-crt-string-l1-1-0.pdb source: 3OQL58yflv.exe, 00000000.00000003.1686079093.000002C5B137E000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-string-l1-1-0.dll.0.dr
    Source: Binary string: D:\a\1\b\bin\amd64\_ssl.pdb source: _ssl.pyd.0.dr
    Source: 3OQL58yflv.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
    Source: 3OQL58yflv.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
    Source: 3OQL58yflv.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
    Source: 3OQL58yflv.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
    Source: 3OQL58yflv.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
    Source: api-ms-win-crt-string-l1-1-0.dll.0.drStatic PE information: 0xB7CAAB24 [Sat Sep 17 19:16:52 2067 UTC]
    Source: 3OQL58yflv.exeStatic PE information: section name: _RDATA
    Source: libcrypto-3.dll.0.drStatic PE information: section name: .00cfg
    Source: libssl-3.dll.0.drStatic PE information: section name: .00cfg
    Source: python312.dll.0.drStatic PE information: section name: PyRuntim
    Source: VCRUNTIME140.dll.0.drStatic PE information: section name: fothk
    Source: VCRUNTIME140.dll.0.drStatic PE information: section name: _RDATA
    Source: C:\Users\user\Desktop\3OQL58yflv.exeCode function: 0_2_00007FF6E37B5004 push rsp; retf 0_2_00007FF6E37B5005
    Source: C:\Users\user\Desktop\3OQL58yflv.exeCode function: 1_2_00007FFE013AF25D push rdi; ret 1_2_00007FFE013AF264
    Source: C:\Users\user\Desktop\3OQL58yflv.exeCode function: 1_2_00007FFE013AF970 push rdi; ret 1_2_00007FFE013AF976
    Source: C:\Users\user\Desktop\3OQL58yflv.exeCode function: 1_2_00007FFE013A9D25 push rdi; ret 1_2_00007FFE013A9D2B
    Source: C:\Users\user\Desktop\3OQL58yflv.exeCode function: 1_2_00007FFE11EAD3E8 push rbp; iretd 1_2_00007FFE11EAD3ED

    Persistence and Installation Behavior

    Source: C:\Users\user\Desktop\3OQL58yflv.exeCode function: PyDict_New,swprintf_s,CreateFileA,DeviceIoControl,GetLastError,DeviceIoControl,swprintf_s,Py_BuildValue,PyDict_SetItemString,_Py_Dealloc,CloseHandle,GetLastError,__acrt_iob_func,fprintf,__acrt_iob_func,fprintf,__acrt_iob_func,fprintf,GetLastError,__acrt_iob_func,fprintf,__acrt_iob_func,PyErr_SetFromWindowsErr,_Py_Dealloc,_Py_Dealloc,CloseHandle, \\.\PhysicalDrive%d1_2_00007FFE10302B00
    Source: C:\Users\user\Desktop\3OQL58yflv.exeCode function: PyDict_New,swprintf_s,CreateFileA,DeviceIoControl,GetLastError,DeviceIoControl,swprintf_s,Py_BuildValue,PyDict_SetItemString,_Py_Dealloc,CloseHandle,GetLastError,__acrt_iob_func,fprintf,__acrt_iob_func,fprintf,__acrt_iob_func,fprintf,GetLastError,__acrt_iob_func,fprintf,__acrt_iob_func,PyErr_SetFromWindowsErr,_Py_Dealloc,_Py_Dealloc,CloseHandle, PhysicalDrive%i1_2_00007FFE10302B00
    Source: C:\Users\user\Desktop\3OQL58yflv.exeCode function: PyDict_New,swprintf_s,CreateFileA,DeviceIoControl,GetLastError,DeviceIoControl,swprintf_s,Py_BuildValue,PyDict_SetItemString,_Py_Dealloc,CloseHandle,GetLastError,__acrt_iob_func,fprintf,__acrt_iob_func,fprintf,__acrt_iob_func,fprintf,GetLastError,__acrt_iob_func,fprintf,__acrt_iob_func,PyErr_SetFromWindowsErr,_Py_Dealloc,_Py_Dealloc,CloseHandle, DeviceIoControl -> ERROR_INVALID_FUNCTION; ignore PhysicalDrive%i1_2_00007FFE10302B00
    Source: C:\Users\user\Desktop\3OQL58yflv.exeCode function: PyDict_New,swprintf_s,CreateFileA,DeviceIoControl,GetLastError,DeviceIoControl,swprintf_s,Py_BuildValue,PyDict_SetItemString,_Py_Dealloc,CloseHandle,GetLastError,__acrt_iob_func,fprintf,__acrt_iob_func,fprintf,__acrt_iob_func,fprintf,GetLastError,__acrt_iob_func,fprintf,__acrt_iob_func,PyErr_SetFromWindowsErr,_Py_Dealloc,_Py_Dealloc,CloseHandle, DeviceIoControl -> ERROR_NOT_SUPPORTED; ignore PhysicalDrive%i1_2_00007FFE10302B00
    Source: C:\Users\user\Desktop\3OQL58yflv.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI63002\api-ms-win-core-heap-l1-1-0.dllJump to dropped file
    Source: C:\Users\user\Desktop\3OQL58yflv.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI63002\_bz2.pydJump to dropped file
    Source: C:\Users\user\Desktop\3OQL58yflv.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI63002\Crypto\Util\_strxor.pydJump to dropped file
    Source: C:\Users\user\Desktop\3OQL58yflv.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI63002\Crypto\Cipher\_raw_aesni.pydJump to dropped file
    Source: C:\Users\user\Desktop\3OQL58yflv.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI63002\python3.dllJump to dropped file
    Source: C:\Users\user\Desktop\3OQL58yflv.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI63002\Crypto\Cipher\_Salsa20.pydJump to dropped file
    Source: C:\Users\user\Desktop\3OQL58yflv.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI63002\api-ms-win-core-synch-l1-1-0.dllJump to dropped file
    Source: C:\Users\user\Desktop\3OQL58yflv.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI63002\unicodedata.pydJump to dropped file
    Source: C:\Users\user\Desktop\3OQL58yflv.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI63002\pyexpat.pydJump to dropped file
    Source: C:\Users\user\Desktop\3OQL58yflv.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI63002\api-ms-win-core-processenvironment-l1-1-0.dllJump to dropped file
    Source: C:\Users\user\Desktop\3OQL58yflv.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI63002\api-ms-win-core-rtlsupport-l1-1-0.dllJump to dropped file
    Source: C:\Users\user\Desktop\3OQL58yflv.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI63002\_multiprocessing.pydJump to dropped file
    Source: C:\Users\user\Desktop\3OQL58yflv.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI63002\Crypto\PublicKey\_ed25519.pydJump to dropped file
    Source: C:\Users\user\Desktop\3OQL58yflv.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI63002\api-ms-win-crt-environment-l1-1-0.dllJump to dropped file
    Source: C:\Users\user\Desktop\3OQL58yflv.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI63002\api-ms-win-crt-heap-l1-1-0.dllJump to dropped file
    Source: C:\Users\user\Desktop\3OQL58yflv.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI63002\api-ms-win-core-processthreads-l1-1-1.dllJump to dropped file
    Source: C:\Users\user\Desktop\3OQL58yflv.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI63002\api-ms-win-crt-utility-l1-1-0.dllJump to dropped file
    Source: C:\Users\user\Desktop\3OQL58yflv.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI63002\api-ms-win-crt-process-l1-1-0.dllJump to dropped file
    Source: C:\Users\user\Desktop\3OQL58yflv.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI63002\api-ms-win-core-console-l1-1-0.dllJump to dropped file
    Source: C:\Users\user\Desktop\3OQL58yflv.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI63002\_hashlib.pydJump to dropped file
    Source: C:\Users\user\Desktop\3OQL58yflv.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI63002\api-ms-win-crt-locale-l1-1-0.dllJump to dropped file
    Source: C:\Users\user\Desktop\3OQL58yflv.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI63002\Crypto\Cipher\_ARC4.pydJump to dropped file
    Source: C:\Users\user\Desktop\3OQL58yflv.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI63002\Crypto\Hash\_SHA1.pydJump to dropped file
    Source: C:\Users\user\Desktop\3OQL58yflv.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI63002\Crypto\PublicKey\_ed448.pydJump to dropped file
    Source: C:\Users\user\Desktop\3OQL58yflv.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI63002\api-ms-win-core-timezone-l1-1-0.dllJump to dropped file
    Source: C:\Users\user\Desktop\3OQL58yflv.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI63002\api-ms-win-core-profile-l1-1-0.dllJump to dropped file
    Source: C:\Users\user\Desktop\3OQL58yflv.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI63002\Crypto\Hash\_SHA224.pydJump to dropped file
    Source: C:\Users\user\Desktop\3OQL58yflv.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI63002\api-ms-win-crt-filesystem-l1-1-0.dllJump to dropped file
    Source: C:\Users\user\Desktop\3OQL58yflv.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI63002\api-ms-win-core-datetime-l1-1-0.dllJump to dropped file
    Source: C:\Users\user\Desktop\3OQL58yflv.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI63002\Crypto\Cipher\_pkcs1_decode.pydJump to dropped file
    Source: C:\Users\user\Desktop\3OQL58yflv.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI63002\_queue.pydJump to dropped file
    Source: C:\Users\user\Desktop\3OQL58yflv.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI63002\api-ms-win-core-handle-l1-1-0.dllJump to dropped file
    Source: C:\Users\user\Desktop\3OQL58yflv.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI63002\api-ms-win-core-file-l1-1-0.dllJump to dropped file
    Source: C:\Users\user\Desktop\3OQL58yflv.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI63002\Crypto\Cipher\_raw_ctr.pydJump to dropped file
    Source: C:\Users\user\Desktop\3OQL58yflv.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI63002\Crypto\Hash\_BLAKE2b.pydJump to dropped file
    Source: C:\Users\user\Desktop\3OQL58yflv.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI63002\python312.dllJump to dropped file
    Source: C:\Users\user\Desktop\3OQL58yflv.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI63002\api-ms-win-crt-time-l1-1-0.dllJump to dropped file
    Source: C:\Users\user\Desktop\3OQL58yflv.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI63002\Crypto\Cipher\_raw_blowfish.pydJump to dropped file
    Source: C:\Users\user\Desktop\3OQL58yflv.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI63002\Crypto\Hash\_RIPEMD160.pydJump to dropped file
    Source: C:\Users\user\Desktop\3OQL58yflv.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI63002\api-ms-win-crt-convert-l1-1-0.dllJump to dropped file
    Source: C:\Users\user\Desktop\3OQL58yflv.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI63002\Crypto\Hash\_keccak.pydJump to dropped file
    Source: C:\Users\user\Desktop\3OQL58yflv.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI63002\api-ms-win-core-sysinfo-l1-1-0.dllJump to dropped file
    Source: C:\Users\user\Desktop\3OQL58yflv.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI63002\Crypto\Cipher\_raw_ecb.pydJump to dropped file
    Source: C:\Users\user\Desktop\3OQL58yflv.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI63002\api-ms-win-core-file-l1-2-0.dllJump to dropped file
    Source: C:\Users\user\Desktop\3OQL58yflv.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI63002\Crypto\PublicKey\_curve448.pydJump to dropped file
    Source: C:\Users\user\Desktop\3OQL58yflv.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI63002\api-ms-win-crt-conio-l1-1-0.dllJump to dropped file
    Source: C:\Users\user\Desktop\3OQL58yflv.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI63002\api-ms-win-crt-runtime-l1-1-0.dllJump to dropped file
    Source: C:\Users\user\Desktop\3OQL58yflv.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI63002\Crypto\Cipher\_raw_des.pydJump to dropped file
    Source: C:\Users\user\Desktop\3OQL58yflv.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI63002\libcrypto-3.dllJump to dropped file
    Source: C:\Users\user\Desktop\3OQL58yflv.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI63002\Crypto\PublicKey\_ec_ws.pydJump to dropped file
    Source: C:\Users\user\Desktop\3OQL58yflv.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI63002\Crypto\PublicKey\_curve25519.pydJump to dropped file
    Source: C:\Users\user\Desktop\3OQL58yflv.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI63002\Crypto\Cipher\_raw_cbc.pydJump to dropped file
    Source: C:\Users\user\Desktop\3OQL58yflv.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI63002\_decimal.pydJump to dropped file
    Source: C:\Users\user\Desktop\3OQL58yflv.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI63002\Crypto\Math\_modexp.pydJump to dropped file
    Source: C:\Users\user\Desktop\3OQL58yflv.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI63002\select.pydJump to dropped file
    Source: C:\Users\user\Desktop\3OQL58yflv.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI63002\api-ms-win-core-localization-l1-2-0.dllJump to dropped file
    Source: C:\Users\user\Desktop\3OQL58yflv.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI63002\api-ms-win-core-file-l2-1-0.dllJump to dropped file
    Source: C:\Users\user\Desktop\3OQL58yflv.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI63002\libffi-8.dllJump to dropped file
    Source: C:\Users\user\Desktop\3OQL58yflv.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI63002\api-ms-win-core-errorhandling-l1-1-0.dllJump to dropped file
    Source: C:\Users\user\Desktop\3OQL58yflv.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI63002\api-ms-win-core-synch-l1-2-0.dllJump to dropped file
    Source: C:\Users\user\Desktop\3OQL58yflv.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI63002\api-ms-win-core-namedpipe-l1-1-0.dllJump to dropped file
    Source: C:\Users\user\Desktop\3OQL58yflv.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI63002\api-ms-win-crt-string-l1-1-0.dllJump to dropped file
    Source: C:\Users\user\Desktop\3OQL58yflv.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI63002\Crypto\Hash\_SHA256.pydJump to dropped file
    Source: C:\Users\user\Desktop\3OQL58yflv.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI63002\_ctypes.pydJump to dropped file
    Source: C:\Users\user\Desktop\3OQL58yflv.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI63002\_lzma.pydJump to dropped file
    Source: C:\Users\user\Desktop\3OQL58yflv.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI63002\Crypto\Hash\_ghash_clmul.pydJump to dropped file
    Source: C:\Users\user\Desktop\3OQL58yflv.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI63002\api-ms-win-core-string-l1-1-0.dllJump to dropped file
    Source: C:\Users\user\Desktop\3OQL58yflv.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI63002\ucrtbase.dllJump to dropped file
    Source: C:\Users\user\Desktop\3OQL58yflv.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI63002\api-ms-win-core-memory-l1-1-0.dllJump to dropped file
    Source: C:\Users\user\Desktop\3OQL58yflv.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI63002\Crypto\Hash\_MD5.pydJump to dropped file
    Source: C:\Users\user\Desktop\3OQL58yflv.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI63002\api-ms-win-crt-stdio-l1-1-0.dllJump to dropped file
    Source: C:\Users\user\Desktop\3OQL58yflv.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI63002\_wmi.pydJump to dropped file
    Source: C:\Users\user\Desktop\3OQL58yflv.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI63002\Crypto\Hash\_SHA512.pydJump to dropped file
    Source: C:\Users\user\Desktop\3OQL58yflv.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI63002\api-ms-win-crt-math-l1-1-0.dllJump to dropped file
    Source: C:\Users\user\Desktop\3OQL58yflv.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI63002\psutil\_psutil_windows.pydJump to dropped file
    Source: C:\Users\user\Desktop\3OQL58yflv.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI63002\api-ms-win-core-util-l1-1-0.dllJump to dropped file
    Source: C:\Users\user\Desktop\3OQL58yflv.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI63002\api-ms-win-core-debug-l1-1-0.dllJump to dropped file
    Source: C:\Users\user\Desktop\3OQL58yflv.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI63002\api-ms-win-core-processthreads-l1-1-0.dllJump to dropped file
    Source: C:\Users\user\Desktop\3OQL58yflv.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI63002\api-ms-win-core-libraryloader-l1-1-0.dllJump to dropped file
    Source: C:\Users\user\Desktop\3OQL58yflv.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI63002\Crypto\Hash\_MD4.pydJump to dropped file
    Source: C:\Users\user\Desktop\3OQL58yflv.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI63002\Crypto\Cipher\_raw_cfb.pydJump to dropped file
    Source: C:\Users\user\Desktop\3OQL58yflv.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI63002\libssl-3.dllJump to dropped file
    Source: C:\Users\user\Desktop\3OQL58yflv.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI63002\Crypto\Hash\_SHA384.pydJump to dropped file
    Source: C:\Users\user\Desktop\3OQL58yflv.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI63002\Crypto\Hash\_BLAKE2s.pydJump to dropped file
    Source: C:\Users\user\Desktop\3OQL58yflv.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI63002\Crypto\Cipher\_chacha20.pydJump to dropped file
    Source: C:\Users\user\Desktop\3OQL58yflv.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI63002\_socket.pydJump to dropped file
    Source: C:\Users\user\Desktop\3OQL58yflv.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI63002\Crypto\Cipher\_raw_arc2.pydJump to dropped file
    Source: C:\Users\user\Desktop\3OQL58yflv.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI63002\VCRUNTIME140.dllJump to dropped file
    Source: C:\Users\user\Desktop\3OQL58yflv.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI63002\_ssl.pydJump to dropped file
    Source: C:\Users\user\Desktop\3OQL58yflv.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI63002\Crypto\Hash\_ghash_portable.pydJump to dropped file
    Source: C:\Users\user\Desktop\3OQL58yflv.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI63002\api-ms-win-core-interlocked-l1-1-0.dllJump to dropped file
    Source: C:\Users\user\Desktop\3OQL58yflv.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI63002\Crypto\Cipher\_raw_eksblowfish.pydJump to dropped file
    Source: C:\Users\user\Desktop\3OQL58yflv.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI63002\Crypto\Cipher\_raw_des3.pydJump to dropped file
    Source: C:\Users\user\Desktop\3OQL58yflv.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI63002\Crypto\Protocol\_scrypt.pydJump to dropped file
    Source: C:\Users\user\Desktop\3OQL58yflv.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI63002\Crypto\Hash\_MD2.pydJump to dropped file
    Source: C:\Users\user\Desktop\3OQL58yflv.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI63002\Crypto\Util\_cpuid_c.pydJump to dropped file
    Source: C:\Users\user\Desktop\3OQL58yflv.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI63002\Crypto\Cipher\_raw_ocb.pydJump to dropped file
    Source: C:\Users\user\Desktop\3OQL58yflv.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI63002\Crypto\Cipher\_raw_ofb.pydJump to dropped file
    Source: C:\Users\user\Desktop\3OQL58yflv.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI63002\Crypto\Cipher\_raw_aes.pydJump to dropped file
    Source: C:\Users\user\Desktop\3OQL58yflv.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI63002\Crypto\Cipher\_raw_cast.pydJump to dropped file
    Source: C:\Users\user\Desktop\3OQL58yflv.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI63002\Crypto\Hash\_poly1305.pydJump to dropped file

    Boot Survival

    Source: C:\Users\user\Desktop\3OQL58yflv.exeCode function: PyDict_New,swprintf_s,CreateFileA,DeviceIoControl,GetLastError,DeviceIoControl,swprintf_s,Py_BuildValue,PyDict_SetItemString,_Py_Dealloc,CloseHandle,GetLastError,__acrt_iob_func,fprintf,__acrt_iob_func,fprintf,__acrt_iob_func,fprintf,GetLastError,__acrt_iob_func,fprintf,__acrt_iob_func,PyErr_SetFromWindowsErr,_Py_Dealloc,_Py_Dealloc,CloseHandle, \\.\PhysicalDrive%d1_2_00007FFE10302B00
    Source: C:\Users\user\Desktop\3OQL58yflv.exeCode function: PyDict_New,swprintf_s,CreateFileA,DeviceIoControl,GetLastError,DeviceIoControl,swprintf_s,Py_BuildValue,PyDict_SetItemString,_Py_Dealloc,CloseHandle,GetLastError,__acrt_iob_func,fprintf,__acrt_iob_func,fprintf,__acrt_iob_func,fprintf,GetLastError,__acrt_iob_func,fprintf,__acrt_iob_func,PyErr_SetFromWindowsErr,_Py_Dealloc,_Py_Dealloc,CloseHandle, PhysicalDrive%i1_2_00007FFE10302B00
    Source: C:\Users\user\Desktop\3OQL58yflv.exeCode function: PyDict_New,swprintf_s,CreateFileA,DeviceIoControl,GetLastError,DeviceIoControl,swprintf_s,Py_BuildValue,PyDict_SetItemString,_Py_Dealloc,CloseHandle,GetLastError,__acrt_iob_func,fprintf,__acrt_iob_func,fprintf,__acrt_iob_func,fprintf,GetLastError,__acrt_iob_func,fprintf,__acrt_iob_func,PyErr_SetFromWindowsErr,_Py_Dealloc,_Py_Dealloc,CloseHandle, DeviceIoControl -> ERROR_INVALID_FUNCTION; ignore PhysicalDrive%i1_2_00007FFE10302B00
    Source: C:\Users\user\Desktop\3OQL58yflv.exeCode function: PyDict_New,swprintf_s,CreateFileA,DeviceIoControl,GetLastError,DeviceIoControl,swprintf_s,Py_BuildValue,PyDict_SetItemString,_Py_Dealloc,CloseHandle,GetLastError,__acrt_iob_func,fprintf,__acrt_iob_func,fprintf,__acrt_iob_func,fprintf,GetLastError,__acrt_iob_func,fprintf,__acrt_iob_func,PyErr_SetFromWindowsErr,_Py_Dealloc,_Py_Dealloc,CloseHandle, DeviceIoControl -> ERROR_NOT_SUPPORTED; ignore PhysicalDrive%i1_2_00007FFE10302B00
    Source: C:\Users\user\Desktop\3OQL58yflv.exeCode function: 1_2_00007FFE10308AA0 PyArg_ParseTuple,StartServiceA,CloseServiceHandle,CloseServiceHandle,_Py_NoneStruct,_Py_NoneStruct,1_2_00007FFE10308AA0
    Source: C:\Users\user\Desktop\3OQL58yflv.exeCode function: 0_2_00007FF6E37751E0 GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,0_2_00007FF6E37751E0
    Source: C:\Users\user\Desktop\3OQL58yflv.exeCode function: PyList_New,OpenSCManagerA,GetLastError,PyErr_SetFromWindowsErrWithFilename,EnumServicesStatusExW,GetLastError,free,malloc,EnumServicesStatusExW,PyUnicode_FromWideChar,PyUnicode_FromWideChar,Py_BuildValue,PyList_Append,_Py_Dealloc,_Py_Dealloc,_Py_Dealloc,CloseServiceHandle,free,_Py_Dealloc,_Py_Dealloc,_Py_Dealloc,_Py_Dealloc,CloseServiceHandle,free,1_2_00007FFE10308170
    Source: C:\Users\user\Desktop\3OQL58yflv.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI63002\api-ms-win-core-heap-l1-1-0.dllJump to dropped file
    Source: C:\Users\user\Desktop\3OQL58yflv.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI63002\_bz2.pydJump to dropped file
    Source: C:\Users\user\Desktop\3OQL58yflv.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI63002\Crypto\Util\_strxor.pydJump to dropped file
    Source: C:\Users\user\Desktop\3OQL58yflv.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI63002\Crypto\Cipher\_raw_aesni.pydJump to dropped file
    Source: C:\Users\user\Desktop\3OQL58yflv.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI63002\python3.dllJump to dropped file
    Source: C:\Users\user\Desktop\3OQL58yflv.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI63002\Crypto\Cipher\_Salsa20.pydJump to dropped file
    Source: C:\Users\user\Desktop\3OQL58yflv.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI63002\api-ms-win-core-synch-l1-1-0.dllJump to dropped file
    Source: C:\Users\user\Desktop\3OQL58yflv.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI63002\unicodedata.pydJump to dropped file
    Source: C:\Users\user\Desktop\3OQL58yflv.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI63002\pyexpat.pydJump to dropped file
    Source: C:\Users\user\Desktop\3OQL58yflv.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI63002\api-ms-win-core-processenvironment-l1-1-0.dllJump to dropped file
    Source: C:\Users\user\Desktop\3OQL58yflv.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI63002\api-ms-win-core-rtlsupport-l1-1-0.dllJump to dropped file
    Source: C:\Users\user\Desktop\3OQL58yflv.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI63002\_multiprocessing.pydJump to dropped file
    Source: C:\Users\user\Desktop\3OQL58yflv.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI63002\Crypto\PublicKey\_ed25519.pydJump to dropped file
    Source: C:\Users\user\Desktop\3OQL58yflv.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI63002\api-ms-win-crt-environment-l1-1-0.dllJump to dropped file
    Source: C:\Users\user\Desktop\3OQL58yflv.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI63002\api-ms-win-crt-heap-l1-1-0.dllJump to dropped file
    Source: C:\Users\user\Desktop\3OQL58yflv.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI63002\api-ms-win-core-processthreads-l1-1-1.dllJump to dropped file
    Source: C:\Users\user\Desktop\3OQL58yflv.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI63002\api-ms-win-crt-utility-l1-1-0.dllJump to dropped file
    Source: C:\Users\user\Desktop\3OQL58yflv.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI63002\api-ms-win-crt-process-l1-1-0.dllJump to dropped file
    Source: C:\Users\user\Desktop\3OQL58yflv.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI63002\api-ms-win-core-console-l1-1-0.dllJump to dropped file
    Source: C:\Users\user\Desktop\3OQL58yflv.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI63002\_hashlib.pydJump to dropped file
    Source: C:\Users\user\Desktop\3OQL58yflv.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI63002\api-ms-win-crt-locale-l1-1-0.dllJump to dropped file
    Source: C:\Users\user\Desktop\3OQL58yflv.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI63002\Crypto\Cipher\_ARC4.pydJump to dropped file
    Source: C:\Users\user\Desktop\3OQL58yflv.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI63002\Crypto\PublicKey\_ed448.pydJump to dropped file
    Source: C:\Users\user\Desktop\3OQL58yflv.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI63002\Crypto\Hash\_SHA1.pydJump to dropped file
    Source: C:\Users\user\Desktop\3OQL58yflv.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI63002\api-ms-win-core-timezone-l1-1-0.dllJump to dropped file
    Source: C:\Users\user\Desktop\3OQL58yflv.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI63002\api-ms-win-core-profile-l1-1-0.dllJump to dropped file
    Source: C:\Users\user\Desktop\3OQL58yflv.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI63002\Crypto\Hash\_SHA224.pydJump to dropped file
    Source: C:\Users\user\Desktop\3OQL58yflv.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI63002\api-ms-win-crt-filesystem-l1-1-0.dllJump to dropped file
    Source: C:\Users\user\Desktop\3OQL58yflv.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI63002\api-ms-win-core-datetime-l1-1-0.dllJump to dropped file
    Source: C:\Users\user\Desktop\3OQL58yflv.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI63002\Crypto\Cipher\_pkcs1_decode.pydJump to dropped file
    Source: C:\Users\user\Desktop\3OQL58yflv.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI63002\_queue.pydJump to dropped file
    Source: C:\Users\user\Desktop\3OQL58yflv.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI63002\api-ms-win-core-handle-l1-1-0.dllJump to dropped file
    Source: C:\Users\user\Desktop\3OQL58yflv.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI63002\api-ms-win-core-file-l1-1-0.dllJump to dropped file
    Source: C:\Users\user\Desktop\3OQL58yflv.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI63002\Crypto\Cipher\_raw_ctr.pydJump to dropped file
    Source: C:\Users\user\Desktop\3OQL58yflv.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI63002\Crypto\Hash\_BLAKE2b.pydJump to dropped file
    Source: C:\Users\user\Desktop\3OQL58yflv.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI63002\python312.dllJump to dropped file
    Source: C:\Users\user\Desktop\3OQL58yflv.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI63002\Crypto\Cipher\_raw_blowfish.pyd
    Source: C:\Users\user\Desktop\3OQL58yflv.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI63002\api-ms-win-crt-time-l1-1-0.dll
    Source: C:\Users\user\Desktop\3OQL58yflv.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI63002\Crypto\Hash\_RIPEMD160.pyd
    Source: C:\Users\user\Desktop\3OQL58yflv.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI63002\api-ms-win-crt-convert-l1-1-0.dll
    Source: C:\Users\user\Desktop\3OQL58yflv.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI63002\Crypto\Hash\_keccak.pyd
    Source: C:\Users\user\Desktop\3OQL58yflv.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI63002\api-ms-win-core-sysinfo-l1-1-0.dll
    Source: C:\Users\user\Desktop\3OQL58yflv.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI63002\Crypto\Cipher\_raw_ecb.pyd
    Source: C:\Users\user\Desktop\3OQL58yflv.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI63002\api-ms-win-core-file-l1-2-0.dll
    Source: C:\Users\user\Desktop\3OQL58yflv.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI63002\Crypto\PublicKey\_curve448.pyd
    Source: C:\Users\user\Desktop\3OQL58yflv.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI63002\api-ms-win-crt-conio-l1-1-0.dll
    Source: C:\Users\user\Desktop\3OQL58yflv.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI63002\api-ms-win-crt-runtime-l1-1-0.dll
    Source: C:\Users\user\Desktop\3OQL58yflv.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI63002\Crypto\Cipher\_raw_des.pyd
    Source: C:\Users\user\Desktop\3OQL58yflv.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI63002\Crypto\PublicKey\_ec_ws.pyd
    Source: C:\Users\user\Desktop\3OQL58yflv.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI63002\Crypto\PublicKey\_curve25519.pyd
    Source: C:\Users\user\Desktop\3OQL58yflv.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI63002\Crypto\Cipher\_raw_cbc.pyd
    Source: C:\Users\user\Desktop\3OQL58yflv.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI63002\_decimal.pyd
    Source: C:\Users\user\Desktop\3OQL58yflv.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI63002\Crypto\Math\_modexp.pyd
    Source: C:\Users\user\Desktop\3OQL58yflv.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI63002\api-ms-win-core-localization-l1-2-0.dll
    Source: C:\Users\user\Desktop\3OQL58yflv.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI63002\select.pyd
    Source: C:\Users\user\Desktop\3OQL58yflv.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI63002\api-ms-win-core-file-l2-1-0.dll
    Source: C:\Users\user\Desktop\3OQL58yflv.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI63002\api-ms-win-core-errorhandling-l1-1-0.dll
    Source: C:\Users\user\Desktop\3OQL58yflv.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI63002\api-ms-win-core-synch-l1-2-0.dll
    Source: C:\Users\user\Desktop\3OQL58yflv.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI63002\api-ms-win-core-namedpipe-l1-1-0.dll
    Source: C:\Users\user\Desktop\3OQL58yflv.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI63002\api-ms-win-crt-string-l1-1-0.dll
    Source: C:\Users\user\Desktop\3OQL58yflv.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI63002\Crypto\Hash\_SHA256.pyd
    Source: C:\Users\user\Desktop\3OQL58yflv.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI63002\_ctypes.pyd
    Source: C:\Users\user\Desktop\3OQL58yflv.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI63002\_lzma.pyd
    Source: C:\Users\user\Desktop\3OQL58yflv.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI63002\Crypto\Hash\_ghash_clmul.pyd
    Source: C:\Users\user\Desktop\3OQL58yflv.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI63002\api-ms-win-core-string-l1-1-0.dll
    Source: C:\Users\user\Desktop\3OQL58yflv.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI63002\api-ms-win-core-memory-l1-1-0.dll
    Source: C:\Users\user\Desktop\3OQL58yflv.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI63002\Crypto\Hash\_MD5.pyd
    Source: C:\Users\user\Desktop\3OQL58yflv.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI63002\api-ms-win-crt-stdio-l1-1-0.dll
    Source: C:\Users\user\Desktop\3OQL58yflv.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI63002\_wmi.pyd
    Source: C:\Users\user\Desktop\3OQL58yflv.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI63002\Crypto\Hash\_SHA512.pyd
    Source: C:\Users\user\Desktop\3OQL58yflv.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI63002\api-ms-win-crt-math-l1-1-0.dll
    Source: C:\Users\user\Desktop\3OQL58yflv.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI63002\psutil\_psutil_windows.pyd
    Source: C:\Users\user\Desktop\3OQL58yflv.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI63002\api-ms-win-core-util-l1-1-0.dll
    Source: C:\Users\user\Desktop\3OQL58yflv.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI63002\api-ms-win-core-processthreads-l1-1-0.dll
    Source: C:\Users\user\Desktop\3OQL58yflv.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI63002\api-ms-win-core-debug-l1-1-0.dll
    Source: C:\Users\user\Desktop\3OQL58yflv.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI63002\api-ms-win-core-libraryloader-l1-1-0.dll
    Source: C:\Users\user\Desktop\3OQL58yflv.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI63002\Crypto\Hash\_MD4.pyd
    Source: C:\Users\user\Desktop\3OQL58yflv.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI63002\Crypto\Cipher\_raw_cfb.pyd
    Source: C:\Users\user\Desktop\3OQL58yflv.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI63002\libssl-3.dll
    Source: C:\Users\user\Desktop\3OQL58yflv.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI63002\Crypto\Hash\_SHA384.pyd
    Source: C:\Users\user\Desktop\3OQL58yflv.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI63002\Crypto\Hash\_BLAKE2s.pyd
    Source: C:\Users\user\Desktop\3OQL58yflv.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI63002\Crypto\Cipher\_chacha20.pyd
    Source: C:\Users\user\Desktop\3OQL58yflv.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI63002\_socket.pyd
    Source: C:\Users\user\Desktop\3OQL58yflv.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI63002\Crypto\Cipher\_raw_arc2.pyd
    Source: C:\Users\user\Desktop\3OQL58yflv.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI63002\_ssl.pyd
    Source: C:\Users\user\Desktop\3OQL58yflv.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI63002\api-ms-win-core-interlocked-l1-1-0.dll
    Source: C:\Users\user\Desktop\3OQL58yflv.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI63002\Crypto\Hash\_ghash_portable.pyd
    Source: C:\Users\user\Desktop\3OQL58yflv.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI63002\Crypto\Cipher\_raw_eksblowfish.pyd
    Source: C:\Users\user\Desktop\3OQL58yflv.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI63002\Crypto\Cipher\_raw_des3.pyd
    Source: C:\Users\user\Desktop\3OQL58yflv.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI63002\Crypto\Protocol\_scrypt.pyd
    Source: C:\Users\user\Desktop\3OQL58yflv.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI63002\Crypto\Hash\_MD2.pyd
    Source: C:\Users\user\Desktop\3OQL58yflv.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI63002\Crypto\Util\_cpuid_c.pyd
    Source: C:\Users\user\Desktop\3OQL58yflv.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI63002\Crypto\Cipher\_raw_ocb.pyd
    Source: C:\Users\user\Desktop\3OQL58yflv.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI63002\Crypto\Cipher\_raw_ofb.pyd
    Source: C:\Users\user\Desktop\3OQL58yflv.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI63002\Crypto\Cipher\_raw_aes.pyd
    Source: C:\Users\user\Desktop\3OQL58yflv.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI63002\Crypto\Cipher\_raw_cast.pyd
    Source: C:\Users\user\Desktop\3OQL58yflv.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI63002\Crypto\Hash\_poly1305.pyd
    Source: C:\Users\user\Desktop\3OQL58yflv.exeCheck user administrative privileges: GetTokenInformation,DecisionNodesgraph_0-16303
    Source: C:\Users\user\Desktop\3OQL58yflv.exeAPI coverage: 1.3 %
    Source: C:\Users\user\Desktop\3OQL58yflv.exeCode function: 0_2_00007FF6E37788D0 FindFirstFileExW,FindClose,0_2_00007FF6E37788D0
    Source: C:\Users\user\Desktop\3OQL58yflv.exeCode function: 0_2_00007FF6E3787E4C _invalid_parameter_noinfo,FindFirstFileExW,GetLastError,_invalid_parameter_noinfo,FindNextFileW,GetLastError,0_2_00007FF6E3787E4C
    Source: C:\Users\user\Desktop\3OQL58yflv.exeCode function: 0_2_00007FF6E3791EE4 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,0_2_00007FF6E3791EE4
    Source: C:\Users\user\Desktop\3OQL58yflv.exeCode function: 1_2_00007FFE013F304C FindFirstFileExW,FindNextFileW,FindClose,1_2_00007FFE013F304C
    Source: C:\Users\user\Desktop\3OQL58yflv.exeCode function: 1_2_00007FFE013F3290 FindFirstFileExW,FindNextFileW,FindClose,1_2_00007FFE013F3290
    Source: C:\Users\user\Desktop\3OQL58yflv.exeCode function: 1_2_00007FFE10302E70 memset,PyList_New,SetErrorMode,PyArg_ParseTuple,PyObject_IsTrue,PyEval_SaveThread,GetLogicalDriveStringsA,PyEval_RestoreThread,PyErr_SetFromWindowsErr,SetErrorMode,PyEval_SaveThread,GetDriveTypeA,PyEval_RestoreThread,GetVolumeInformationA,strcat_s,SetLastError,strcat_s,strcat_s,strcat_s,FindFirstVolumeMountPointA,strcpy_s,strcat_s,Py_BuildValue,PyList_Append,_Py_Dealloc,FindNextVolumeMountPointA,FindVolumeMountPointClose,strcat_s,strcat_s,Py_BuildValue,PyList_Append,_Py_Dealloc,strchr,SetErrorMode,FindVolumeMountPointClose,SetErrorMode,_Py_Dealloc,_Py_Dealloc,1_2_00007FFE10302E70
    Source: C:\Users\user\Desktop\3OQL58yflv.exeCode function: 1_2_00007FFE103018C0 PyModule_Create2,getenv,RtlGetVersion,GetSystemInfo,InitializeCriticalSection,PyModule_GetState,PyErr_NewException,_Py_Dealloc,PyErr_NewException,PyModule_AddObject,PyErr_NewException,PyModule_AddObject,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,1_2_00007FFE103018C0
    Source: 3OQL58yflv.exe, 00000001.00000002.2933281372.00000225ED0D0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%
    Source: C:\Users\user\Desktop\3OQL58yflv.exeCode function: 0_2_00007FF6E378ABD8 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00007FF6E378ABD8
    Source: C:\Users\user\Desktop\3OQL58yflv.exeCode function: 0_2_00007FF6E3793AF0 GetProcessHeap,0_2_00007FF6E3793AF0
    Source: C:\Users\user\Desktop\3OQL58yflv.exeProcess token adjusted: Debug
    Source: C:\Users\user\Desktop\3OQL58yflv.exeCode function: 0_2_00007FF6E377BCE0 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_00007FF6E377BCE0
    Source: C:\Users\user\Desktop\3OQL58yflv.exeCode function: 0_2_00007FF6E377C760 SetUnhandledExceptionFilter,0_2_00007FF6E377C760
    Source: C:\Users\user\Desktop\3OQL58yflv.exeCode function: 0_2_00007FF6E377C57C IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00007FF6E377C57C
    Source: C:\Users\user\Desktop\3OQL58yflv.exeCode function: 1_2_00007FFDFB0D3068 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,1_2_00007FFDFB0D3068
    Source: C:\Users\user\Desktop\3OQL58yflv.exeCode function: 1_2_00007FFDFB0D2AA0 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,1_2_00007FFDFB0D2AA0
    Source: C:\Users\user\Desktop\3OQL58yflv.exeCode function: 1_2_00007FFE013C98F4 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,1_2_00007FFE013C98F4
    Source: C:\Users\user\Desktop\3OQL58yflv.exeCode function: 1_2_00007FFE013F0F30 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,1_2_00007FFE013F0F30
    Source: C:\Users\user\Desktop\3OQL58yflv.exeCode function: 1_2_00007FFE0E141A80 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,1_2_00007FFE0E141A80
    Source: C:\Users\user\Desktop\3OQL58yflv.exeCode function: 1_2_00007FFE0E141030 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,1_2_00007FFE0E141030
    Source: C:\Users\user\Desktop\3OQL58yflv.exeCode function: 1_2_00007FFE0E161030 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,1_2_00007FFE0E161030
    Source: C:\Users\user\Desktop\3OQL58yflv.exeCode function: 1_2_00007FFE0E161A80 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,1_2_00007FFE0E161A80
    Source: C:\Users\user\Desktop\3OQL58yflv.exeCode function: 1_2_00007FFE0E181960 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,1_2_00007FFE0E181960
    Source: C:\Users\user\Desktop\3OQL58yflv.exeCode function: 1_2_00007FFE0E181390 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,1_2_00007FFE0E181390
    Source: C:\Users\user\Desktop\3OQL58yflv.exeCode function: 1_2_00007FFE0EA71960 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,1_2_00007FFE0EA71960
    Source: C:\Users\user\Desktop\3OQL58yflv.exeCode function: 1_2_00007FFE0EA71390 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,1_2_00007FFE0EA71390
    Source: C:\Users\user\Desktop\3OQL58yflv.exeCode function: 1_2_00007FFE0EB21390 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,1_2_00007FFE0EB21390
    Source: C:\Users\user\Desktop\3OQL58yflv.exeCode function: 1_2_00007FFE0EB21960 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,1_2_00007FFE0EB21960
    Source: C:\Users\user\Desktop\3OQL58yflv.exeCode function: 1_2_00007FFE0EB31390 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,1_2_00007FFE0EB31390
    Source: C:\Users\user\Desktop\3OQL58yflv.exeCode function: 1_2_00007FFE0EB31960 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,1_2_00007FFE0EB31960
    Source: C:\Users\user\Desktop\3OQL58yflv.exeCode function: 1_2_00007FFE0EB41390 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,1_2_00007FFE0EB41390
    Source: C:\Users\user\Desktop\3OQL58yflv.exeCode function: 1_2_00007FFE0EB41960 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,1_2_00007FFE0EB41960
    Source: C:\Users\user\Desktop\3OQL58yflv.exeCode function: 1_2_00007FFE0EB51390 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,1_2_00007FFE0EB51390
    Source: C:\Users\user\Desktop\3OQL58yflv.exeCode function: 1_2_00007FFE0EB51960 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,1_2_00007FFE0EB51960
    Source: C:\Users\user\Desktop\3OQL58yflv.exeCode function: 1_2_00007FFE0EB61390 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,1_2_00007FFE0EB61390
    Source: C:\Users\user\Desktop\3OQL58yflv.exeCode function: 1_2_00007FFE0EB61960 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,1_2_00007FFE0EB61960
    Source: C:\Users\user\Desktop\3OQL58yflv.exeCode function: 1_2_00007FFE101D1960 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,1_2_00007FFE101D1960
    Source: C:\Users\user\Desktop\3OQL58yflv.exeCode function: 1_2_00007FFE101D1390 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,1_2_00007FFE101D1390
    Source: C:\Users\user\Desktop\3OQL58yflv.exeCode function: 1_2_00007FFE101E1960 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,1_2_00007FFE101E1960
    Source: C:\Users\user\Desktop\3OQL58yflv.exeCode function: 1_2_00007FFE101E1390 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,1_2_00007FFE101E1390
    Source: C:\Users\user\Desktop\3OQL58yflv.exeCode function: 1_2_00007FFE10231960 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,1_2_00007FFE10231960
    Source: C:\Users\user\Desktop\3OQL58yflv.exeCode function: 1_2_00007FFE10231390 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,1_2_00007FFE10231390
    Source: C:\Users\user\Desktop\3OQL58yflv.exeCode function: 1_2_00007FFE10241960 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,1_2_00007FFE10241960
    Source: C:\Users\user\Desktop\3OQL58yflv.exeCode function: 1_2_00007FFE10241390 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,1_2_00007FFE10241390
    Source: C:\Users\user\Desktop\3OQL58yflv.exeCode function: 1_2_00007FFE10254660 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,1_2_00007FFE10254660
    Source: C:\Users\user\Desktop\3OQL58yflv.exeCode function: 1_2_00007FFE10254090 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,1_2_00007FFE10254090
    Source: C:\Users\user\Desktop\3OQL58yflv.exeCode function: 1_2_00007FFE1030A050 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,1_2_00007FFE1030A050
    Source: C:\Users\user\Desktop\3OQL58yflv.exeCode function: 1_2_00007FFE1030A978 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,1_2_00007FFE1030A978
    Source: C:\Users\user\Desktop\3OQL58yflv.exeCode function: 1_2_00007FFE11071960 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,1_2_00007FFE11071960
    Source: C:\Users\user\Desktop\3OQL58yflv.exeCode function: 1_2_00007FFE11071390 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,1_2_00007FFE11071390
    Source: C:\Users\user\Desktop\3OQL58yflv.exeCode function: 1_2_00007FFE110F1960 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,1_2_00007FFE110F1960
    Source: C:\Users\user\Desktop\3OQL58yflv.exeCode function: 1_2_00007FFE110F1390 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,1_2_00007FFE110F1390
    Source: C:\Users\user\Desktop\3OQL58yflv.exeCode function: 1_2_00007FFE11501390 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,1_2_00007FFE11501390
    Source: C:\Users\user\Desktop\3OQL58yflv.exeCode function: 1_2_00007FFE11501960 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,1_2_00007FFE11501960
    Source: C:\Users\user\Desktop\3OQL58yflv.exeCode function: 1_2_00007FFE11513398 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,1_2_00007FFE11513398
    Source: C:\Users\user\Desktop\3OQL58yflv.exeCode function: 1_2_00007FFE11512DD0 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,1_2_00007FFE11512DD0
    Source: C:\Users\user\Desktop\3OQL58yflv.exeCode function: 1_2_00007FFE117E1960 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,1_2_00007FFE117E1960
    Source: C:\Users\user\Desktop\3OQL58yflv.exeCode function: 1_2_00007FFE117E1390 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,1_2_00007FFE117E1390
    Source: C:\Users\user\Desktop\3OQL58yflv.exeCode function: 1_2_00007FFE11BB1390 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,1_2_00007FFE11BB1390
    Source: C:\Users\user\Desktop\3OQL58yflv.exeCode function: 1_2_00007FFE11BB1960 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,1_2_00007FFE11BB1960
    Source: C:\Users\user\Desktop\3OQL58yflv.exeCode function: 1_2_00007FFE11EB3C90 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,1_2_00007FFE11EB3C90
    Source: C:\Users\user\Desktop\3OQL58yflv.exeCode function: 1_2_00007FFE11EB36C0 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,1_2_00007FFE11EB36C0
    Source: C:\Users\user\Desktop\3OQL58yflv.exeCode function: 1_2_00007FFE11EDAB08 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,1_2_00007FFE11EDAB08
    Source: C:\Users\user\Desktop\3OQL58yflv.exeCode function: 1_2_00007FFE11EDA0C0 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,1_2_00007FFE11EDA0C0
    Source: C:\Users\user\Desktop\3OQL58yflv.exeCode function: 1_2_00007FFE120C1960 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,1_2_00007FFE120C1960
    Source: C:\Users\user\Desktop\3OQL58yflv.exeCode function: 1_2_00007FFE120C1390 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,1_2_00007FFE120C1390
    Source: C:\Users\user\Desktop\3OQL58yflv.exeCode function: 1_2_00007FFE12E11390 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,1_2_00007FFE12E11390
    Source: C:\Users\user\Desktop\3OQL58yflv.exeCode function: 1_2_00007FFE12E11960 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,1_2_00007FFE12E11960
    Source: C:\Users\user\Desktop\3OQL58yflv.exeCode function: 1_2_00007FFE130C30AC IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,1_2_00007FFE130C30AC
    Source: C:\Users\user\Desktop\3OQL58yflv.exeCode function: 1_2_00007FFE130C2BCC SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,1_2_00007FFE130C2BCC
    Source: C:\Users\user\Desktop\3OQL58yflv.exeCode function: 1_2_00007FFE133014F0 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,1_2_00007FFE133014F0
    Source: C:\Users\user\Desktop\3OQL58yflv.exeCode function: 1_2_00007FFE13301AC0 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,1_2_00007FFE13301AC0
    Source: C:\Users\user\Desktop\3OQL58yflv.exeCode function: 1_2_00007FFE13335FA0 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,1_2_00007FFE13335FA0
    Source: C:\Users\user\Desktop\3OQL58yflv.exeCode function: 1_2_00007FFE13336544 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,1_2_00007FFE13336544
    Source: C:\Users\user\Desktop\3OQL58yflv.exeCode function: 1_2_00007FFE148E52F0 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,1_2_00007FFE148E52F0
    Source: C:\Users\user\Desktop\3OQL58yflv.exeCode function: 1_2_00007FFE148E4D20 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,1_2_00007FFE148E4D20
    Source: C:\Users\user\Desktop\3OQL58yflv.exeCode function: 1_2_00007FFE1A460AA8 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,1_2_00007FFE1A460AA8
    Source: C:\Users\user\Desktop\3OQL58yflv.exeProcess created: C:\Users\user\Desktop\3OQL58yflv.exe "C:\Users\user\Desktop\3OQL58yflv.exe"
    Source: C:\Users\user\Desktop\3OQL58yflv.exeCode function: 0_2_00007FF6E3799E40 cpuid 0_2_00007FF6E3799E40
    Source: C:\Users\user\Desktop\3OQL58yflv.exeCode function: EnumSystemLocalesW,1_2_00007FFE013EF36C
    Source: C:\Users\user\Desktop\3OQL58yflv.exeCode function: GetPrimaryLen,EnumSystemLocalesW,1_2_00007FFE013EF3D4
    Source: C:\Users\user\Desktop\3OQL58yflv.exeCode function: EnterCriticalSection,EnumSystemLocalesW,LeaveCriticalSection,1_2_00007FFE013ED2F0
    Source: C:\Users\user\Desktop\3OQL58yflv.exeCode function: GetProcAddress,GetLocaleInfoW,1_2_00007FFE0139D5C0
    Source: C:\Users\user\Desktop\3OQL58yflv.exeCode function: GetPrimaryLen,EnumSystemLocalesW,1_2_00007FFE013EF488
    Source: C:\Users\user\Desktop\3OQL58yflv.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetACP,1_2_00007FFE013EF8D0
    Source: C:\Users\user\Desktop\3OQL58yflv.exeCode function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,1_2_00007FFE013EFA58
    Source: C:\Users\user\Desktop\3OQL58yflv.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI63002\Crypto VolumeInformation
    Source: C:\Users\user\Desktop\3OQL58yflv.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI63002\Crypto\Cipher VolumeInformation
    Source: C:\Users\user\Desktop\3OQL58yflv.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI63002\Crypto\Hash VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\3OQL58yflv.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI63002\Crypto VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\3OQL58yflv.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI63002\Crypto VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\3OQL58yflv.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI63002\Crypto VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\3OQL58yflv.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI63002\Crypto VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\3OQL58yflv.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI63002\Crypto VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\3OQL58yflv.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI63002\Crypto VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\3OQL58yflv.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI63002\Crypto\Hash VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\3OQL58yflv.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI63002\Crypto VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\3OQL58yflv.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI63002\Crypto\Hash VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\3OQL58yflv.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI63002\Crypto VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\3OQL58yflv.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI63002\Crypto VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\3OQL58yflv.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI63002\Crypto VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\3OQL58yflv.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI63002\Crypto VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\3OQL58yflv.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI63002\Crypto\PublicKey VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\3OQL58yflv.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI63002\Crypto VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\3OQL58yflv.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI63002\Crypto VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\3OQL58yflv.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI63002\Crypto VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\3OQL58yflv.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI63002\Crypto\PublicKey VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\3OQL58yflv.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI63002\Crypto VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\3OQL58yflv.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI63002\Crypto VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\3OQL58yflv.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI63002\Crypto\Util VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\3OQL58yflv.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI63002\ucrtbase.dll VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\3OQL58yflv.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI63002\base_library.zip VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\3OQL58yflv.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI63002\base_library.zip VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\3OQL58yflv.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI63002\base_library.zip VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\3OQL58yflv.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI63002\base_library.zip VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\3OQL58yflv.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI63002\base_library.zip VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\3OQL58yflv.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI63002\base_library.zip VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\3OQL58yflv.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI63002\base_library.zip VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\3OQL58yflv.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI63002\base_library.zip VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\3OQL58yflv.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI63002\base_library.zip VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\3OQL58yflv.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI63002\base_library.zip VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\3OQL58yflv.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI63002\base_library.zip VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\3OQL58yflv.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI63002\base_library.zip VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\3OQL58yflv.exeQueries volume information: C:\Users\user\Desktop\3OQL58yflv.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\3OQL58yflv.exeQueries volume information: C:\Users\user\Desktop\3OQL58yflv.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\3OQL58yflv.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI63002\base_library.zip VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\3OQL58yflv.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI63002\base_library.zip VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\3OQL58yflv.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI63002 VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\3OQL58yflv.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI63002 VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\3OQL58yflv.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI63002 VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\3OQL58yflv.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI63002 VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\3OQL58yflv.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI63002\_ctypes.pyd VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\3OQL58yflv.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63002\_bz2.pyd VolumeInformation
    Source: C:\Users\user\Desktop\3OQL58yflv.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63002\_lzma.pyd VolumeInformation
    Source: C:\Users\user\Desktop\3OQL58yflv.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63002\_socket.pyd VolumeInformation
    Source: C:\Users\user\Desktop\3OQL58yflv.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63002\select.pyd VolumeInformation
    Source: C:\Users\user\Desktop\3OQL58yflv.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63002\psutil VolumeInformation
    Source: C:\Users\user\Desktop\3OQL58yflv.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63002\psutil\_psutil_windows.pyd VolumeInformation
    Source: C:\Users\user\Desktop\3OQL58yflv.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63002\unicodedata.pyd VolumeInformation
    Source: C:\Users\user\Desktop\3OQL58yflv.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63002\_hashlib.pyd VolumeInformation
    Source: C:\Users\user\Desktop\3OQL58yflv.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63002\_wmi.pyd VolumeInformation
    Source: C:\Users\user\Desktop\3OQL58yflv.exe Code function: 0_2_00007FF6E377C460 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,0_2_00007FF6E377C460
    Source: C:\Users\user\Desktop\3OQL58yflv.exe Code function: 0_2_00007FF6E3796370 _get_daylight,_get_daylight,_get_daylight,_get_daylight,_get_daylight,GetTimeZoneInformation,0_2_00007FF6E3796370
    Source: C:\Users\user\Desktop\3OQL58yflv.exeCode function: 1_2_00007FFE103018C0 PyModule_Create2,getenv,RtlGetVersion,GetSystemInfo,InitializeCriticalSection,PyModule_GetState,PyErr_NewException,_Py_Dealloc,PyErr_NewException,PyModule_AddObject,PyErr_NewException,PyModule_AddObject,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,1_2_00007FFE103018C0

    Remote Access Functionality

    Source: Yara match File source: 00000001.00000002.2934511808.00000225EDFB0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
    Source: Yara match File source: 00000001.00000002.2933458373.00000225ED568000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
    Source: C:\Users\user\Desktop\3OQL58yflv.exe Code function: 1_2_00007FFE11515074 PySys_Audit,PyEval_SaveThread,bind,PyEval_RestoreThread,_Py_NoneStruct,1_2_00007FFE11515074
    Source: C:\Users\user\Desktop\3OQL58yflv.exe Code function: 1_2_00007FFE11516078 _PyArg_ParseTuple_SizeT,PyEval_SaveThread,listen,PyEval_RestoreThread,_Py_NoneStruct,1_2_00007FFE11516078
    Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
    Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Service Execution (2) | Windows Service (1) | Access Token Manipulation (1) | Access Token Manipulation (1) | OS Credential Dumping | System Time Discovery (2) | Remote Services | Archive Collected Data (1) | Encrypted Channel (2) | Exfiltration Over Other Network Medium | Abuse Accessibility Features
    Credentials | Domains | Default Accounts | Native API (1) | Bootkit (1) | Windows Service (1) | Process Injection (11) | LSASS Memory | Security Software Discovery (21) | Remote Desktop Protocol | Data from Removable Media | Non-Standard Port (1) | Exfiltration Over Bluetooth | Network Denial of Service
    Email Addresses | DNS Server | Domain Accounts | At | DLL Side-Loading (1) | Process Injection (11) | Deobfuscate/Decode Files or Information (1) | Security Account Manager | Process Discovery (1) | SMB/Windows Admin Shares | Data from Network Shared Drive | Ingress Tool Transfer (1) | Automated Exfiltration | Data Encrypted for Impact
    Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | DLL Side-Loading (1) | Obfuscated Files or Information (2) | NTDS | System Service Discovery (1) | Distributed Component Object Model | Input Capture | Protocol Impersonation | Traffic Duplication | Data Destruction
    Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | Bootkit (1) | LSA Secrets | File and Directory Discovery (2) | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
    Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | Timestomp (1) | Cached Domain Credentials | System Information Discovery (35) | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
    DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | DLL Side-Loading (1) | DCSync | Remote System Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
    Source | Detection | Scanner
    3OQL58yflv.exe | 5% | ReversingLabs
    3OQL58yflv.exe | 17% | Virustotal
    Source | Detection | Scanner
    C:\Users\user\AppData\Local\Temp\_MEI63002\Crypto\Cipher\_ARC4.pyd | 1% | Virustotal
    C:\Users\user\AppData\Local\Temp\_MEI63002\Crypto\Cipher\_ARC4.pyd | 0% | ReversingLabs
    C:\Users\user\AppData\Local\Temp\_MEI63002\Crypto\Cipher\_Salsa20.pyd | 0% | ReversingLabs
    C:\Users\user\AppData\Local\Temp\_MEI63002\Crypto\Cipher\_Salsa20.pyd | 1% | Virustotal
    C:\Users\user\AppData\Local\Temp\_MEI63002\Crypto\Cipher\_chacha20.pyd | 0% | ReversingLabs
    C:\Users\user\AppData\Local\Temp\_MEI63002\Crypto\Cipher\_chacha20.pyd | 0% | Virustotal
    C:\Users\user\AppData\Local\Temp\_MEI63002\Crypto\Cipher\_pkcs1_decode.pyd | 0% | ReversingLabs
    C:\Users\user\AppData\Local\Temp\_MEI63002\Crypto\Cipher\_pkcs1_decode.pyd | 0% | Virustotal
    C:\Users\user\AppData\Local\Temp\_MEI63002\Crypto\Cipher\_raw_aes.pyd | 0% | ReversingLabs
    C:\Users\user\AppData\Local\Temp\_MEI63002\Crypto\Cipher\_raw_aesni.pyd | 0% | ReversingLabs
    C:\Users\user\AppData\Local\Temp\_MEI63002\Crypto\Cipher\_raw_arc2.pyd | 0% | ReversingLabs
    C:\Users\user\AppData\Local\Temp\_MEI63002\Crypto\Cipher\_raw_blowfish.pyd | 0% | ReversingLabs
    C:\Users\user\AppData\Local\Temp\_MEI63002\Crypto\Cipher\_raw_cast.pyd | 0% | ReversingLabs
    C:\Users\user\AppData\Local\Temp\_MEI63002\Crypto\Cipher\_raw_cbc.pyd | 0% | ReversingLabs
    C:\Users\user\AppData\Local\Temp\_MEI63002\Crypto\Cipher\_raw_cfb.pyd | 0% | ReversingLabs
    C:\Users\user\AppData\Local\Temp\_MEI63002\Crypto\Cipher\_raw_ctr.pyd | 0% | ReversingLabs
    C:\Users\user\AppData\Local\Temp\_MEI63002\Crypto\Cipher\_raw_des.pyd | 0% | ReversingLabs
    C:\Users\user\AppData\Local\Temp\_MEI63002\Crypto\Cipher\_raw_des3.pyd | 0% | ReversingLabs
    C:\Users\user\AppData\Local\Temp\_MEI63002\Crypto\Cipher\_raw_ecb.pyd | 0% | ReversingLabs
    C:\Users\user\AppData\Local\Temp\_MEI63002\Crypto\Cipher\_raw_eksblowfish.pyd | 0% | ReversingLabs
    C:\Users\user\AppData\Local\Temp\_MEI63002\Crypto\Cipher\_raw_ocb.pyd | 0% | ReversingLabs
    C:\Users\user\AppData\Local\Temp\_MEI63002\Crypto\Cipher\_raw_ofb.pyd | 0% | ReversingLabs
    C:\Users\user\AppData\Local\Temp\_MEI63002\Crypto\Hash\_BLAKE2b.pyd | 0% | ReversingLabs
    C:\Users\user\AppData\Local\Temp\_MEI63002\Crypto\Hash\_BLAKE2s.pyd | 0% | ReversingLabs
    C:\Users\user\AppData\Local\Temp\_MEI63002\Crypto\Hash\_MD2.pyd | 0% | ReversingLabs
    C:\Users\user\AppData\Local\Temp\_MEI63002\Crypto\Hash\_MD4.pyd | 0% | ReversingLabs
    C:\Users\user\AppData\Local\Temp\_MEI63002\Crypto\Hash\_MD5.pyd | 0% | ReversingLabs
    C:\Users\user\AppData\Local\Temp\_MEI63002\Crypto\Hash\_RIPEMD160.pyd | 0% | ReversingLabs
    C:\Users\user\AppData\Local\Temp\_MEI63002\Crypto\Hash\_SHA1.pyd | 0% | ReversingLabs
    C:\Users\user\AppData\Local\Temp\_MEI63002\Crypto\Hash\_SHA224.pyd | 0% | ReversingLabs
    C:\Users\user\AppData\Local\Temp\_MEI63002\Crypto\Hash\_SHA256.pyd | 0% | ReversingLabs
    C:\Users\user\AppData\Local\Temp\_MEI63002\Crypto\Hash\_SHA384.pyd | 0% | ReversingLabs
    C:\Users\user\AppData\Local\Temp\_MEI63002\Crypto\Hash\_SHA512.pyd | 0% | ReversingLabs
    C:\Users\user\AppData\Local\Temp\_MEI63002\Crypto\Hash\_ghash_clmul.pyd | 0% | ReversingLabs
    C:\Users\user\AppData\Local\Temp\_MEI63002\Crypto\Hash\_ghash_portable.pyd | 0% | ReversingLabs
    C:\Users\user\AppData\Local\Temp\_MEI63002\Crypto\Hash\_keccak.pyd | 0% | ReversingLabs
    C:\Users\user\AppData\Local\Temp\_MEI63002\Crypto\Hash\_poly1305.pyd | 0% | ReversingLabs
    C:\Users\user\AppData\Local\Temp\_MEI63002\Crypto\Math\_modexp.pyd | 0% | ReversingLabs
    C:\Users\user\AppData\Local\Temp\_MEI63002\Crypto\Protocol\_scrypt.pyd | 0% | ReversingLabs
    C:\Users\user\AppData\Local\Temp\_MEI63002\Crypto\PublicKey\_curve25519.pyd | 0% | ReversingLabs
    C:\Users\user\AppData\Local\Temp\_MEI63002\Crypto\PublicKey\_curve448.pyd | 0% | ReversingLabs
    C:\Users\user\AppData\Local\Temp\_MEI63002\Crypto\PublicKey\_ec_ws.pyd | 0% | ReversingLabs
    C:\Users\user\AppData\Local\Temp\_MEI63002\Crypto\PublicKey\_ed25519.pyd | 0% | ReversingLabs
    C:\Users\user\AppData\Local\Temp\_MEI63002\Crypto\PublicKey\_ed448.pyd | 0% | ReversingLabs
    C:\Users\user\AppData\Local\Temp\_MEI63002\Crypto\Util\_cpuid_c.pyd | 0% | ReversingLabs
    C:\Users\user\AppData\Local\Temp\_MEI63002\Crypto\Util\_strxor.pyd | 0% | ReversingLabs
    C:\Users\user\AppData\Local\Temp\_MEI63002\VCRUNTIME140.dll | 0% | ReversingLabs
    C:\Users\user\AppData\Local\Temp\_MEI63002\_bz2.pyd | 0% | ReversingLabs
    C:\Users\user\AppData\Local\Temp\_MEI63002\_ctypes.pyd | 0% | ReversingLabs
    C:\Users\user\AppData\Local\Temp\_MEI63002\_decimal.pyd | 0% | ReversingLabs
    C:\Users\user\AppData\Local\Temp\_MEI63002\_hashlib.pyd | 0% | ReversingLabs
    C:\Users\user\AppData\Local\Temp\_MEI63002\_lzma.pyd | 0% | ReversingLabs
    C:\Users\user\AppData\Local\Temp\_MEI63002\_multiprocessing.pyd | 0% | ReversingLabs
    C:\Users\user\AppData\Local\Temp\_MEI63002\_queue.pyd | 0% | ReversingLabs
    C:\Users\user\AppData\Local\Temp\_MEI63002\_socket.pyd | 0% | ReversingLabs
    C:\Users\user\AppData\Local\Temp\_MEI63002\_ssl.pyd | 0% | ReversingLabs
    C:\Users\user\AppData\Local\Temp\_MEI63002\_wmi.pyd | 0% | ReversingLabs
    C:\Users\user\AppData\Local\Temp\_MEI63002\api-ms-win-core-console-l1-1-0.dll | 0% | ReversingLabs
    C:\Users\user\AppData\Local\Temp\_MEI63002\api-ms-win-core-datetime-l1-1-0.dll | 0% | ReversingLabs
    C:\Users\user\AppData\Local\Temp\_MEI63002\api-ms-win-core-debug-l1-1-0.dll | 0% | ReversingLabs
    C:\Users\user\AppData\Local\Temp\_MEI63002\api-ms-win-core-errorhandling-l1-1-0.dll | 0% | ReversingLabs
    C:\Users\user\AppData\Local\Temp\_MEI63002\api-ms-win-core-file-l1-1-0.dll | 0% | ReversingLabs
    C:\Users\user\AppData\Local\Temp\_MEI63002\api-ms-win-core-file-l1-2-0.dll | 0% | ReversingLabs
    No Antivirus matches
    No contacted domains info
    Name | Source | Malicious | Reputation
    http://www.cs.ucdavis.edu/~rogaway/papers/keywrap.pdf | 3OQL58yflv.exe | false | high
    https://github.com/python/cpython/blob/3.9/Lib/importlib/_bootstrap_external.py#L679-L688 | 3OQL58yflv.exe | false | high
    https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-108r1.pdf | 3OQL58yflv.exe | false | high
    https://stackoverflow.com/questions/18603270/ | 3OQL58yflv.exe | false | high
    https://github.com/giampaolo/psutil/issues/875. | 3OQL58yflv.exe | false | high
    http://www.tarsnap.com/scrypt/scrypt-slides.pdf | 3OQL58yflv.exe | false | high
    http://tools.ietf.org/html/rfc5869 | 3OQL58yflv.exe | false | high
    https://www.python.org/download/releases/2.3/mro/. | 3OQL58yflv.exe, base_library.zip.0.dr | false | high
    http://blog.cryptographyengineering.com/2012/05/how-to-choose-authenticated-encryption.html | 3OQL58yflv.exe | false | high
    http://csrc.nist.gov/publications/nistpubs/800-38a/sp800-38a.pdf | 3OQL58yflv.exe | false | high
    https://github.com/tqdm/tqdm/issues/481) | 3OQL58yflv.exe | false | high
    https://github.com/python/cpython/blob/839d7893943782ee803536a47f1d4de160314f85/Lib/importlib/reader | 3OQL58yflv.exe | false | high
    https://github.com/python/cpython/issues/86361. | 3OQL58yflv.exe | false | high
    http://mail.python.org/pipermail/python-dev/2012-June/120787.html. | 3OQL58yflv.exe | false | high
    https://github.com/tqdm/tqdm#contributionstegerame. | 3OQL58yflv.exe | false | high
    https://github.com/tensorflow/datasets/blob/master/tensorflow_datasets/core/utils/resource_utils.py# | 3OQL58yflv.exe | false | high
    https://stackoverflow.com/questions/4457745#4457745. | 3OQL58yflv.exe | false | high
    http://crl3.digi | 3OQL58yflv.exe | false | high
    http://goo.gl/zeJZl. | 3OQL58yflv.exe | false | high
    https://github.com/Unidata/MetPy/blob/a3424de66a44bf3a92b0dcacf4dff82ad7b86712/src/metpy/plots/wx_sy | 3OQL58yflv.exe | false | high
    https://github.com/tqdm/tqdm#contributions | 3OQL58yflv.exe | false | high
    https://www.python.org/psf/license/ | 3OQL58yflv.exe, python312.dll.0.dr | false | high
    https://docs.python.org/3.11/library/binascii.html#binascii.a2b_base64 | 3OQL58yflv.exe | false | high
    https://github.com/openssl/openssl/blob/master/include/openssl/pem.h | 3OQL58yflv.exe | false | high
    https://docs.python.org/3/library/multiprocessing.html | 3OQL58yflv.exe | false | high
    http://cacerts.digicert.co | 3OQL58yflv.exe | false | high
    https://tools.ietf.org/html/rfc5297 | 3OQL58yflv.exe | false | high
    https://www.openssl.org/H | 3OQL58yflv.exe, libcrypto-3.dll.0.dr, libssl-3.dll.0.dr | false | high
    http://csrc.nist.gov/groups/ST/toolkit/BCM/documents/proposedmodes/eax/eax-spec.pdf | 3OQL58yflv.exe | false | high
    http://tools.ietf.org/html/rfc5297 | 3OQL58yflv.exe | false | high
    https://www.ietf.org/rfc/rfc2898.txt | 3OQL58yflv.exe | false | high
    http://tools.ietf.org/html/rfc4880 | 3OQL58yflv.exe | false | high
    http://web.cs.ucdavis.edu/~rogaway/ocb/license.htm | 3OQL58yflv.exe | false | high
    https://tools.ietf.org/html/rfc3610 | 3OQL58yflv.exe | false | high
    https://peps.python.org/pep-0205/ | 3OQL58yflv.exe, base_library.zip.0.dr | false | high
    https://www.python.org/psf/license/) | 3OQL58yflv.exe, python312.dll.0.dr | false | high
    https://github.com/python/cpython/blob/839d7893943782ee803536a47f1d4de160314f85/Lib/importlib/abc.py | 3OQL58yflv.exe | false | high
    http://www.rfc-editor.org/info/rfc7253 | 3OQL58yflv.exe | false | high
    http://csrc.nist.gov/publications/nistpubs/800-38C/SP800-38C.pdf | 3OQL58yflv.exe | false | high
    https://peps.python.org/pep-0263/ | 3OQL58yflv.exe, python312.dll.0.dr | false | high
    http://csrc.nist.gov/publications/nistpubs/800-38D/SP-800-38D.pdf | 3OQL58yflv.exe | false | high
    IP | Domain | Country | ASN | ASN Name | Malicious
    202.182.125.24 | unknown | United States | 20473 | AS-CHOOPAUS | true
    Joe Sandbox version: 41.0.0 Charoite
    Analysis ID: 1581648
    Start date and time: 2024-12-28 12:07:08 +01:00
    Joe Sandbox product: CloudBasic
    Overall analysis duration: 0h 7m 24s
    Hypervisor based Inspection enabled: false
    Report type: full
    Cookbook file name: default.jbs
    Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
    Number of analysed new started processes analysed: 6
    Number of new started drivers analysed: 0
    Number of existing processes analysed: 0
    Number of existing drivers analysed: 0
    Number of injected processes analysed: 0
    Technologies:
    • HCA enabled
    • EGA enabled
    • AMSI enabled
    Analysis Mode: default
    Analysis stop reason: Timeout
    Sample name: 3OQL58yflv.exe
    renamed because original name is a hash value
    Original Sample Name: 230f90bb0e0b11907854e59e63a040b0524fe3e3d6790d290d6fca8d2e0a73f0.exe
    Detection: MAL
    Classification: mal80.troj.winEXE@3/102@0/1
    EGA Information:
    • Successful, ratio: 100%
    HCA Information: Failed
    Cookbook Comments:
    • Found application associated with file extension: .exe
    • Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
    • Excluded IPs from analysis (whitelisted): 172.202.163.200, 13.107.246.63
    • Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
    • Not all processes were analyzed, report is missing behavior information
    • Report size exceeded maximum capacity and may have missing disassembly code.
                                                                                      No simulations
                                                                                      No context
                                                                                      No context
Match: AS-CHOOPAUS
Associated Sample Name / URL | Detection | Threat Name | Context
armv5l.elf | malicious | Unknown | 44.174.62.96
loligang.mpsl.elf | malicious | Mirai | 8.12.100.87
d1c701d984c5e04b42f3cb7165fc8907dd9f46e91e14d.exe | malicious | NetSupport RAT | 45.76.253.210
d1c701d984c5e04b42f3cb7165fc8907dd9f46e91e14d.exe | malicious | NetSupport RAT | 45.76.253.210
armv5l.elf | malicious | Mirai | 66.42.103.144
jklm68k.elf | malicious | Unknown | 44.40.163.25
nabsh4.elf | malicious | Unknown | 44.172.196.44
nabarm5.elf | malicious | Unknown | 217.163.30.244
nklx86.elf | malicious | Unknown | 45.76.237.246
nklppc.elf | malicious | Unknown | 173.199.121.211
                                                                                      No context
Match: C:\Users\user\AppData\Local\Temp\_MEI63002\Crypto\Cipher\_ARC4.pyd
Associated Sample Name / URL | Detection | Threat Name | Context
7zip.exe | malicious | Unknown |
main.exe | malicious | Python Stealer, Discord Token Stealer, PRYSMAX STEALER |
main.exe | malicious | Unknown |
chos.exe | malicious | Unknown |
ihost.exe | malicious | Python Stealer, Muck Stealer |
shost.exe | malicious | Python Stealer, Muck Stealer |
lz4wnSavmK.exe | malicious | Python Stealer |
WVuXCNNYG0.exe | malicious | Python Stealer |
dipwo1iToJ.exe | malicious | Python Stealer |
ROh2ijuEpr.exe | malicious | Babuk, Conti |
Match: C:\Users\user\AppData\Local\Temp\_MEI63002\Crypto\Cipher\_Salsa20.pyd
Associated Sample Name / URL | Detection | Threat Name | Context
7zip.exe | malicious | Unknown |
main.exe | malicious | Python Stealer, Discord Token Stealer, PRYSMAX STEALER |
main.exe | malicious | Unknown |
chos.exe | malicious | Unknown |
ihost.exe | malicious | Python Stealer, Muck Stealer |
shost.exe | malicious | Python Stealer, Muck Stealer |
lz4wnSavmK.exe | malicious | Python Stealer |
WVuXCNNYG0.exe | malicious | Python Stealer |
dipwo1iToJ.exe | malicious | Python Stealer |
ROh2ijuEpr.exe | malicious | Babuk, Conti |
                                                                                                                              Process:C:\Users\user\Desktop\3OQL58yflv.exe
                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):11264
                                                                                                                              Entropy (8bit):4.640339306680604
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:192:dLklddyTHThob0q/tJRrlDfNYSOcqgYCWt:ZgcdZq/JJD6gRWt
                                                                                                                              MD5:BCD8CAAF9342AB891BB1D8DD45EF0098
                                                                                                                              SHA1:EE7760BA0FF2548F25D764F000EFBB1332BE6D3E
                                                                                                                              SHA-256:78725D2F55B7400A3FCAFECD35AF7AEB253FBC0FFCDF1903016EB0AABD1B4E50
                                                                                                                              SHA-512:8B6FB53AECB514769985EBFDAB1B3C739024597D9C35905E04971D5422256546F7F169BF98F9BAF7D9F42A61CFF3EE7A20664989D3000773BF5EDA10CB3A0C24
                                                                                                                              Malicious:false
                                                                                                                              Antivirus:
                                                                                                                              • Antivirus: Virustotal, Detection: 1%
                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                              Joe Sandbox View:
                                                                                                                              • Filename: 7zip.exe, Detection: malicious
                                                                                                                              • Filename: main.exe, Detection: malicious
                                                                                                                              • Filename: main.exe, Detection: malicious
                                                                                                                              • Filename: chos.exe, Detection: malicious
                                                                                                                              • Filename: ihost.exe, Detection: malicious
                                                                                                                              • Filename: shost.exe, Detection: malicious
                                                                                                                              • Filename: lz4wnSavmK.exe, Detection: malicious
                                                                                                                              • Filename: WVuXCNNYG0.exe, Detection: malicious
                                                                                                                              • Filename: dipwo1iToJ.exe, Detection: malicious
                                                                                                                              • Filename: ROh2ijuEpr.exe, Detection: malicious
                                                                                                                              Reputation:moderate, very likely benign file
                                                                                                                              Process:C:\Users\user\Desktop\3OQL58yflv.exe
                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):13824
                                                                                                                              Entropy (8bit):5.0194545642425075
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:192:4t/1nCuqaL0kt7AznuRmceS4lDFhAlcqgcLg:F/k1ACln4lDogcLg
                                                                                                                              MD5:F19CB847E567A31FAB97435536C7B783
                                                                                                                              SHA1:4C8BFE404AF28C1781740E7767619A5E2D2FF2B7
                                                                                                                              SHA-256:1ECE1DC94471D6977DBE2CEEBA3764ADF0625E2203D6257F7C781C619D2A3DAD
                                                                                                                              SHA-512:382DC205F703FC3E1F072F17F58E321E1A65B86BE7D9D6B07F24A02A156308A7FEC9B1A621BA1F3428FD6BB413D14AE9ECB2A2C8DD62A7659776CFFDEBB6374C
                                                                                                                              Malicious:false
                                                                                                                              Antivirus:
                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                              • Antivirus: Virustotal, Detection: 1%
                                                                                                                              Joe Sandbox View:
                                                                                                                              • Filename: 7zip.exe, Detection: malicious
                                                                                                                              • Filename: main.exe, Detection: malicious
                                                                                                                              • Filename: main.exe, Detection: malicious
                                                                                                                              • Filename: chos.exe, Detection: malicious
                                                                                                                              • Filename: ihost.exe, Detection: malicious
                                                                                                                              • Filename: shost.exe, Detection: malicious
                                                                                                                              • Filename: lz4wnSavmK.exe, Detection: malicious
                                                                                                                              • Filename: WVuXCNNYG0.exe, Detection: malicious
                                                                                                                              • Filename: dipwo1iToJ.exe, Detection: malicious
                                                                                                                              • Filename: ROh2ijuEpr.exe, Detection: malicious
                                                                                                                              Reputation:moderate, very likely benign file
                                                                                                                              Process:C:\Users\user\Desktop\3OQL58yflv.exe
                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):13312
                                                                                                                              Entropy (8bit):5.037456384995606
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:192:st/1nCuqaL0ktPMn1ENe3erKr5br0YbsiDw6a9lkOcqgRGd:p/kpMIodrXbsiDS95gRGd
                                                                                                                              MD5:DC14677EA8A8C933CC41F9CCF2BEDDC1
                                                                                                                              SHA1:A6FB87E8F3540743097A467ABE0723247FDAF469
                                                                                                                              SHA-256:68F081E96AE08617CF111B21EDED35C1774A5EF1223DF9A161C9445A78F25C73
                                                                                                                              SHA-512:3ABA4CFCBBE4B350AB3230D488BD75186427E3AAAF38D19E0E1C7330F16795AD77FB6E26FF39AF29EAF4F5E8C42118CB680F90AFBFCA218AEDA64DC444675BA2
                                                                                                                              Malicious:false
                                                                                                                              Antivirus:
                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                              • Antivirus: Virustotal, Detection: 0%
                                                                                                                              Reputation:moderate, very likely benign file
                                                                                                                              Process:C:\Users\user\Desktop\3OQL58yflv.exe
                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):14336
                                                                                                                              Entropy (8bit):5.09191874780435
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:192:rMVsiXeqVb0lIb0Pj5Jdfpm68WZDInU282tacqgYLg:rM7ali0Pj5JxCaDuUlgYLg
                                                                                                                              MD5:C09BB8A30F0F733C81C5C5A3DAD8D76D
                                                                                                                              SHA1:46FD3BA87A32D12F4EE14601D1AD73B78EDC81D1
                                                                                                                              SHA-256:8A1B751DB47CE7B1D3BD10BEBFFC7442BE4CFB398E96E3B1FF7FB83C88A8953D
                                                                                                                              SHA-512:691AC74FAE930E9CEABE782567EFB99C50DD9B8AD607DD7F99A5C7DF2FA2BEB7EDFE2EBB7095A72DA0AE24E688FBABD340EAE8B646D5B8C394FEE8DDD5E60D31
                                                                                                                              Malicious:false
                                                                                                                              Antivirus:
                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                              • Antivirus: Virustotal, Detection: 0%
                                                                                                                              Reputation:moderate, very likely benign file
                                                                                                                              Process:C:\Users\user\Desktop\3OQL58yflv.exe
                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):36352
                                                                                                                              Entropy (8bit):6.541423493519083
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:384:f/UlZA5PUEllvxL/7v/iKBt5ByU0xGitqzSEkxGG7+tpKHb/LZ7fr52EkifcMxme:klcR7JriEbwDaS4j990th9VDBV
                                                                                                                              MD5:0AB25F99CDAACA6B11F2ECBE8223CAD5
                                                                                                                              SHA1:7A881B3F84EF39D97A31283DE6D7B7AE85C8BAE6
                                                                                                                              SHA-256:6CE8A60D1AB5ADC186E23E3DE864D7ADF6BDD37E3B0C591FA910763C5C26AF60
                                                                                                                              SHA-512:11E89EEF34398DF3B144A0303E08B3A4CAF41A9A8CA618C18135F561731F285F8CF821D81179C2C45F6EEB0E496D9DD3ECF6FF202A3C453C80AFEF8582D06C17
                                                                                                                              Malicious:false
                                                                                                                              Antivirus:
                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                              Process:C:\Users\user\Desktop\3OQL58yflv.exe
                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):15360
                                                                                                                              Entropy (8bit):5.367749645917753
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:192:YiJBj5fq/Rk0kPLhOZ3UucCWuSKPEkA2bD9JXx03cqg5YUMLgs:/k1kTMZEjCWNaA2DTx0g5YUMLg
                                                                                                                              MD5:B6EA675C3A35CD6400A7ECF2FB9530D1
                                                                                                                              SHA1:0E41751AA48108D7924B0A70A86031DDE799D7D6
                                                                                                                              SHA-256:76EF4C1759B5553550AB652B84F8E158BA8F34F29FD090393815F06A1C1DC59D
                                                                                                                              SHA-512:E31FD33E1ED6D4DA3957320250282CFD9EB3A64F12DE4BD2DFE3410F66725164D96B27CAA34C501D1A535A5A2442D5F070650FD3014B4B92624EE00F1C3F3197
                                                                                                                              Malicious:false
                                                                                                                              Antivirus:
                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                              Process:C:\Users\user\Desktop\3OQL58yflv.exe
                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):16384
                                                                                                                              Entropy (8bit):5.41148259289073
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:192:w3d9FkHaz0EJvrj+CYuz7ucc9dG7otDr22KcqgOiewZjW:YkHEJzj+X6769lDzagO/w
                                                                                                                              MD5:F14E1AA2590D621BE8C10321B2C43132
                                                                                                                              SHA1:FD84D11619DFFDF82C563E45B48F82099D9E3130
                                                                                                                              SHA-256:FCE70B3DAFB39C6A4DB85D2D662CB9EB9C4861AA648AD7436E7F65663345D177
                                                                                                                              SHA-512:A86B9DF163007277D26F2F732ECAB9DBCA8E860F8B5809784F46702D4CEA198824FDEF6AB98BA7DDC281E8791C10EABA002ABDA6F975323B36D5967E0443C1E4
                                                                                                                              Malicious:false
                                                                                                                              Antivirus:
                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                              Process:C:\Users\user\Desktop\3OQL58yflv.exe
                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):20992
                                                                                                                              Entropy (8bit):6.041302713678401
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:384:kUX0JfbRz5MLZA0nmwzMDYpJgLa0Mp8NDBcxgprAM:6NbRzWXwDqgLa1uBfP
                                                                                                                              MD5:B127CAE435AEB8A2A37D2A1BC1C27282
                                                                                                                              SHA1:2A7BF8BF7F24B2381370BA6B41FB640EE42BDCCD
                                                                                                                              SHA-256:538B1253B5929254ED92129FA0957DB26CDDF34A8372BA0BF19D20D01549ADA3
                                                                                                                              SHA-512:4FE027E46D5132CA63973C67BD5394F2AC74DD4BBCFE93CB16136FAB4B6BF67BECB5A0D4CA359FF9426DA63CA81F793BBF1B79C8A9D8372C53DCB5796D17367E
                                                                                                                              Malicious:false
                                                                                                                              Antivirus:
                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                              Process:C:\Users\user\Desktop\3OQL58yflv.exe
                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):24576
                                                                                                                              Entropy (8bit):6.530656045206549
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:384:cEDwUBi9SPu71omZXmrfXA+UA10ol31tuXVYdAgYj:FsUBXmoEXmrXA+NNxWFYfo
                                                                                                                              MD5:2E15AA6F97ED618A3236CFA920988142
                                                                                                                              SHA1:A9D556D54519D3E91FA19A936ED291A33C0D1141
                                                                                                                              SHA-256:516C5EA47A7B9A166F2226ECBA79075F1A35EFFF14D87E00006B34496173BB78
                                                                                                                              SHA-512:A6C75C4A285753CC94E45500E8DD6B6C7574FB7F610FF65667F1BEC8D8B413FC10514B7D62F196C2B8D017C308C5E19E2AEF918021FA81D0CB3D8CED37D8549A
                                                                                                                              Malicious:false
                                                                                                                              Antivirus:
                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                              Process:C:\Users\user\Desktop\3OQL58yflv.exe
                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):12288
                                                                                                                              Entropy (8bit):4.7080156150187396
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:192:lF/1n7Guqaj0ktfEJwX1fYwCODR3lncqg0Gd6l:RGXkJEm1feODxDg0Gd6
                                                                                                                              MD5:40390F2113DC2A9D6CFAE7127F6BA329
                                                                                                                              SHA1:9C886C33A20B3F76B37AA9B10A6954F3C8981772
                                                                                                                              SHA-256:6BA9C910F755885E4D356C798A4DD32D2803EA4CFABB3D56165B3017D0491AE2
                                                                                                                              SHA-512:617B963816838D649C212C5021D7D0C58839A85D4D33BBAF72C0EC6ECD98B609080E9E57AF06FA558FF302660619BE57CC974282826AB9F21AE0D80FBAA831A1
                                                                                                                              Malicious:false
                                                                                                                              Antivirus:
                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                              Process:C:\Users\user\Desktop\3OQL58yflv.exe
                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):12800
                                                                                                                              Entropy (8bit):5.159963979391524
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:192:kblRgfeqfz0RP767fB4A84DgVD6eDcqgzbkLgmf:BwRj67p84Dg6eVgzbkLgmf
                                                                                                                              MD5:899895C0ED6830C4C9A3328CC7DF95B6
                                                                                                                              SHA1:C02F14EBDA8B631195068266BA20E03210ABEABC
                                                                                                                              SHA-256:18D568C7BE3E04F4E6026D12B09B1FA3FAE50FF29AC3DEAF861F3C181653E691
                                                                                                                              SHA-512:0B4C50E40AF92BC9589668E13DF417244274F46F5A66E1FC7D1D59BC281969BA319305BECEA119385F01CC4603439E4B37AFA2CF90645425210848A02839E3E7
                                                                                                                              Malicious:false
                                                                                                                              Antivirus:
                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                              Process:C:\Users\user\Desktop\3OQL58yflv.exe
                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):14848
                                                                                                                              Entropy (8bit):5.270418334522813
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:192:vktJ1gifqQGRk0IP73AdXdmEEEEEm9uhiFEQayDZVMcqgnF6+6Lg:vkdU1ID3AdXd49urQPDggnUjLg
                                                                                                                              MD5:C4C525B081F8A0927091178F5F2EE103
                                                                                                                              SHA1:A1F17B5EA430ADE174D02ECC0B3CB79DBF619900
                                                                                                                              SHA-256:4D86A90B2E20CDE099D6122C49A72BAE081F60EB2EEA0F76E740BE6C41DA6749
                                                                                                                              SHA-512:7C06E3E6261427BC6E654B2B53518C7EAA5F860A47AE8E80DC3F8F0FED91E122CB2D4632188DC44123FB759749B5425F426CD1153A8F84485EF0491002B26555
                                                                                                                              Malicious:false
                                                                                                                              Antivirus:
                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                              Process:C:\Users\user\Desktop\3OQL58yflv.exe
                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):56832
                                                                                                                              Entropy (8bit):4.231032526864278
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:384:0qcmHBeNL1dO/qHkpnYcZiGKdZHDLY84vnKAnK2rZA21agVF:fEiqHHx4vZDV
                                                                                                                              MD5:F9E266F763175B8F6FD4154275F8E2F0
                                                                                                                              SHA1:8BE457700D58356BC2FA7390940611709A0E5473
                                                                                                                              SHA-256:14D2799BE604CBDC668FDE8834A896EEE69DAE0E0D43B37289FCCBA35CEF29EC
                                                                                                                              SHA-512:EB3E37A3C3FF8A65DEF6FA20941C8672A8197A41977E35AE2DC6551B5587B84C2703758320559F2C93C0531AD5C9D0F6C36EC5037669DC5CE78EB3367D89877B
                                                                                                                              Malicious:false
                                                                                                                              Antivirus:
                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                              Process:C:\Users\user\Desktop\3OQL58yflv.exe
                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):57344
                                                                                                                              Entropy (8bit):4.252429732285762
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:384:J4cmHBeIzNweVy/CHkRnYcZiGKdZHDLq80vnKAnKBrZGsURygUX:GEO6CHnX0vZb7
                                                                                                                              MD5:DECF524B2D53FCD7D4FA726F00B3E5FC
                                                                                                                              SHA1:E87C6ED4004F2772B888C5B5758AA75FE99D2F6F
                                                                                                                              SHA-256:58F7053EE70467D3384C73F299C0DFD63EEF9744D61D1980D9D2518974CA92D4
                                                                                                                              SHA-512:EAFF4FD80843743E61CE635FBADF4E5D9CF2C3E97F3C48350BD9E755F4423AC6867F9FE8746BD5C54E1402B18E8A55AEEF7ACA098C7CF4186DC4C1235EB35DF2
                                                                                                                              Malicious:false
                                                                                                                              Antivirus:
                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                              Process:C:\Users\user\Desktop\3OQL58yflv.exe
                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):10240
                                                                                                                              Entropy (8bit):4.690163963718492
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:192:Yddz2KTnThIz0qfteRY4zp+D3PLui8p1cqgHCWt:k2E9RqfCXp+D3juRpLgiWt
                                                                                                                              MD5:80BB1E0E06ACAF03A0B1D4EF30D14BE7
                                                                                                                              SHA1:B20CAC0D2F3CD803D98A2E8A25FBF65884B0B619
                                                                                                                              SHA-256:5D1C2C60C4E571B88F27D4AE7D22494BED57D5EC91939E5716AFA3EA7F6871F6
                                                                                                                              SHA-512:2A13AB6715B818AD62267AB51E55CD54714AEBF21EC9EA61C2AEFD56017DC84A6B360D024F8682A2E105582B9C5FE892ECEBD2BEF8A492279B19FFD84BC83FA5
                                                                                                                              Malicious:false
                                                                                                                              Antivirus:
                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                              Process:C:\Users\user\Desktop\3OQL58yflv.exe
                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):22016
                                                                                                                              Entropy (8bit):6.1215844022564285
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:384:nUX0JfbRwUtPMbNv37t6K5jwbDEpJgLa0Mp8xCkgJrAm:jNbRw8EbxwKBwbD+gLa1nh
                                                                                                                              MD5:3727271FE04ECB6D5E49E936095E95BC
                                                                                                                              SHA1:46182698689A849A8C210A8BF571D5F574C6F5B1
                                                                                                                              SHA-256:3AF5B35DCD5A3B6C7E88CEE53F355AAFFF40F2C21DABD4DE27DBB57D1A29B63B
                                                                                                                              SHA-512:5BED1F4DF678FE90B8E3F1B7C4F68198463E579209B079CB4A40DCAC01CE26AA2417DBE029B196F6F2C6AFAD560E2D1AF9F089ABE37EAD121CA10EE69D9659ED
                                                                                                                              Malicious:false
                                                                                                                              Antivirus:
                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                              Process:C:\Users\user\Desktop\3OQL58yflv.exe
                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):17920
                                                                                                                              Entropy (8bit):5.293810509074883
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:384:4PHoDUntQjNB+/yw/pogeXOvXoTezczOo3p9iJgDQ3iNgnVbwhA:dUOhBcDRogeXOfoTezcio3pUJgDQ3i+
                                                                                                                              MD5:78AEF441C9152A17DD4DC40C7CC9DF69
                                                                                                                              SHA1:6BB6F8426AFA6522E647DFC82B1B64FAF3A9781F
                                                                                                                              SHA-256:56E4E4B156295F1AAA22ECB5481841DE2A9EB84845A16E12A7C18C7C3B05B707
                                                                                                                              SHA-512:27B27E77BE81B29D42359FE28531225383860BCD19A79044090C4EA58D9F98009A254BF63585979C60B3134D47B8233941ABB354A291F23C8641A4961FA33107
                                                                                                                              Malicious:false
                                                                                                                              Antivirus:
                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                              Process:C:\Users\user\Desktop\3OQL58yflv.exe
                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):11776
                                                                                                                              Entropy (8bit):4.862619033406922
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:96:0Ga+F/1NtJ9t4udqaj01rlALnNNJSS2sP+YEdMN+F9FdKaWDULk+VOmWbucX6gR7:PF/1n7Guqaj0ktfEON+bMDUlJcqg0Gd
                                                                                                                              MD5:19E0ABF76B274C12FF624A16713F4999
                                                                                                                              SHA1:A4B370F556B925F7126BF87F70263D1705C3A0DB
                                                                                                                              SHA-256:D9FDA05AE16C5387AB46DC728C6EDCE6A3D0A9E1ABDD7ACB8B32FC2A17BE6F13
                                                                                                                              SHA-512:D03033EA5CF37641FBD802EBEB5019CAEF33C9A78E01519FEA88F87E773DCA92C80B74BA80429B530694DAD0BFA3F043A7104234C7C961E18D48019D90277C8E
                                                                                                                              Malicious:false
                                                                                                                              Antivirus:
                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                              Process:C:\Users\user\Desktop\3OQL58yflv.exe
                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):14336
                                                                                                                              Entropy (8bit):5.227045547076371
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:192:saF/1n7Guqaj0ktrE8o2o+V2rQnjt1wmg9jtveDn4clG6VcqgOvgdd:swGXkFE8Zo+AojO9jZeDf5rgOvgz
                                                                                                                              MD5:309D6F6B0DD022EBD9214F445CAC7BB9
                                                                                                                              SHA1:ABD22690B7AD77782CFC0D2393D0C038E16070B0
                                                                                                                              SHA-256:4FBE188C20FB578D4B66349D50AA6FFE4AB86844FB6427C57738F36780D1E2E2
                                                                                                                              SHA-512:D1951FE92F83E7774E8E877815BED6E6216D56EF18B7F1C369D678CB6E1814243659E9FA7ABC0D22FB5B34A9D50A51D5A89BA00AE1FDD32157FD0FF9902FB4B7
                                                                                                                              Malicious:false
                                                                                                                              Antivirus:
                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                              Process:C:\Users\user\Desktop\3OQL58yflv.exe
                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):13824
                                                                                                                              Entropy (8bit):5.176369829782773
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:192:rF/1n7Guqaj0ktrESsrUW+SBjsK5tcQmEreD2mf1AoxkVcqgOvgXQ:rGXkFE/UW575tA2eDp1Ao2rgOvgX
                                                                                                                              MD5:D54FEB9A270B212B0CCB1937C660678A
                                                                                                                              SHA1:224259E5B684C7AC8D79464E51503D302390C5C9
                                                                                                                              SHA-256:032B83F1003A796465255D9B246050A196488BAC1260F628913E536314AFDED4
                                                                                                                              SHA-512:29955A6569CA6D039B35BB40C56AEEB75FC765600525D0B469F72C97945970A428951BAB4AF9CD21B3161D5BBA932F853778E2674CA83B14F7ABA009FA53566F
                                                                                                                              Malicious:false
                                                                                                                              Antivirus:
                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                              Process:C:\Users\user\Desktop\3OQL58yflv.exe
                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):14336
                                                                                                                              Entropy (8bit):5.047563322651927
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:384:6alCvH32p3/2pnEhKnLg9yH8puzoFaPERIQAvHD9CIg5kP:5CvHmp3OpnEhmLg9yH8puzoFaPERIQgI
                                                                                                                              MD5:52DCD4151A9177CF685BE4DF48EA9606
                                                                                                                              SHA1:F444A4A5CBAE9422B408420115F0D3FF973C9705
                                                                                                                              SHA-256:D54375DC0652358A6E4E744F1A0EAEEAD87ACCD391A20D6FF324FE14E988A122
                                                                                                                              SHA-512:64C54B89F2637759309ECC6655831C3A6755924ED70CBC51614061542EB9BA9A8AECF6951EB3AB92447247DC4D7D846C88F4957DBBE4484A9AB934343EE27178
                                                                                                                              Malicious:false
                                                                                                                              Antivirus:
                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                              Process:C:\Users\user\Desktop\3OQL58yflv.exe
                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):13824
                                                                                                                              Entropy (8bit):5.09893680790018
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:192:xsiXeqVb0lwbH4P01sAD7I/9hAkwDWzBEbcqgqLg:valqH4M1sAD7KvpwDFtgqLg
                                                                                                                              MD5:F929B1A3997427191E07CF52AC883054
                                                                                                                              SHA1:C5EA5B68586C2FB09E5FDD20D4DD616D06F5CBA6
                                                                                                                              SHA-256:5386908173074FABD95BF269A9DF0A4E1B21C0576923186F449ABF4A820F6A8E
                                                                                                                              SHA-512:2C79DBCE2C21214D979AB86DD989D41A3AFA7FCB7F3B79BA9974E2EE8F832DD7CA20C1C87C0C380DB037D776FE6D0851D60AD55A08AFDE0003B7E59214DD2F3B
                                                                                                                              Malicious:false
                                                                                                                              Antivirus:
                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                              Process:C:\Users\user\Desktop\3OQL58yflv.exe
                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):15360
                                                                                                                              Entropy (8bit):5.451865349855574
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:384:KfwogDHER1wuiDSyoGTgDZOviNgEPrLg:ugDHELwuiDScTgDwi+EP
                                                                                                                              MD5:1FA5E257A85D16E916E9C22984412871
                                                                                                                              SHA1:1AC8EE98AD0A715A1B40AD25D2E8007CDC19871F
                                                                                                                              SHA-256:D87A9B7CAD4C451D916B399B19298DC46AAACC085833C0793092641C00334B8E
                                                                                                                              SHA-512:E4205355B647C6E28B7E4722328F51DC2EB3A109E9D9B90F7C53D7A80A5A4B10E40ABDDAB1BA151E73EF3EB56941F843535663F42DCE264830E6E17BB659EADF
                                                                                                                              Malicious:false
                                                                                                                              Antivirus:
                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                              Process:C:\Users\user\Desktop\3OQL58yflv.exe
                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):13824
                                                                                                                              Entropy (8bit):5.104245335186531
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:192:3F/1n7Guqaj0kt7/Ev9kt0Qwac6QzD8iD0QocqgI4G0S:nGXkd/EvGt9wacNDvAgI4v
                                                                                                                              MD5:FAD578A026F280C1AE6F787B1FA30129
                                                                                                                              SHA1:9A3E93818A104314E172A304C3D117B6A66BEB55
                                                                                                                              SHA-256:74A1FF0801F4704158684267CD8E123F83FB6334FE522C1890AC4A0926F80AB1
                                                                                                                              SHA-512:ACF8F5B382F3B4C07386505BBDCAF625D13BCC10AA93ED641833E3548261B0AD1063E2F59BE2FCD2AFAF3D315CB3FC5EB629CEFC168B33CFD65A3A6F1120F7FF
                                                                                                                              Malicious:false
                                                                                                                              Antivirus:
                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                              Process:C:\Users\user\Desktop\3OQL58yflv.exe
                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):17920
                                                                                                                              Entropy (8bit):5.671305741258107
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:384:APHoDUntQj0sKhDOJ+0QPSfu6rofDjiZzgE+kbwb:VUOYsKNO466DjoUE+
                                                                                                                              MD5:556E6D0E5F8E4DA74C2780481105D543
                                                                                                                              SHA1:7A49CDEF738E9FE9CD6CD62B0F74EAD1A1774A33
                                                                                                                              SHA-256:247B0885CF83375211861F37B6DD1376AED5131D621EE0137A60FE7910E40F8B
                                                                                                                              SHA-512:28FA0CE6BDBCC5E95B80AADC284C12658EF0C2BE63421AF5627776A55050EE0EA0345E30A15B744FC2B2F5B1B1BBB61E4881F27F6E3E863EBAAEED1073F4CDA1
                                                                                                                              Malicious:false
                                                                                                                              Antivirus:
                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                              Process:C:\Users\user\Desktop\3OQL58yflv.exe
                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):21504
                                                                                                                              Entropy (8bit):5.878701941774916
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:384:EJWo4IRCGHX1KXqHGcvYHp5RYcARQOj4MSTjqgPmJD1OhgkxEv:EcIRnHX1P/YtswvaD1Rk
                                                                                                                              MD5:2F2655A7BBFE08D43013EDDA27E77904
                                                                                                                              SHA1:33D51B6C423E094BE3E34E5621E175329A0C0914
                                                                                                                              SHA-256:C734ABBD95EC120CB315C43021C0E1EB1BF2295AF9F1C24587334C3FCE4A5BE1
                                                                                                                              SHA-512:8AF99ACC969B0E560022F75A0CDCAA85D0BDEADADEACD59DD0C4500F94A5843EA0D4107789C1A613181B1F4E5252134A485EF6B1D9D83CDB5676C5FEE4D49B90
                                                                                                                              Malicious:false
                                                                                                                              Antivirus:
                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                              Process:C:\Users\user\Desktop\3OQL58yflv.exe
                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):21504
                                                                                                                              Entropy (8bit):5.881781476285865
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:384:EJWo4IRCGHXfKXqHGcvYHp5RYcARQOj4MSTjqgPmJD12gkxEv:EcIRnHXfP/YtswvaD1zk
                                                                                                                              MD5:CDE035B8AB3D046B1CE37EEE7EE91FA0
                                                                                                                              SHA1:4298B62ED67C8D4F731D1B33E68D7DC9A58487FF
                                                                                                                              SHA-256:16BEA322D994A553B293A724B57293D57DA62BC7EAF41F287956B306C13FD972
                                                                                                                              SHA-512:C44FDEE5A210459CE4557351E56B2D357FD4937F8EC8EACEAB842FEE29761F66C2262FCBAAC837F39C859C67FA0E23D13E0F60B3AE59BE29EB9D8ABAB0A572BB
                                                                                                                              Malicious:false
                                                                                                                              Antivirus:
                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                              Process:C:\Users\user\Desktop\3OQL58yflv.exe
                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):26624
                                                                                                                              Entropy (8bit):5.837887867708438
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:768:e839Cc4itui0gel9soFdkO66MlPGXmXcyYDTzks:Ns4u/FZ6nPxMLDvk
                                                                                                                              MD5:999D431197D7E06A30E0810F1F910B9A
                                                                                                                              SHA1:9BFF781221BCFFD8E55485A08627EC2A37363C96
                                                                                                                              SHA-256:AB242B9C9FB662C6F7CB57F7648F33983D6FA3BB0683C5D4329EC2CC51E8C875
                                                                                                                              SHA-512:A5DD92DD471ADB44EEFE5919EF9CA3978724E21174DF5B3A9C1F0AB462F928E5A46A460D02417DB7522F5DE3BFEED5EEE6B1EAFAF3E621722E85E72675F7096F
                                                                                                                              Malicious:false
                                                                                                                              Antivirus:
                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                              Process:C:\Users\user\Desktop\3OQL58yflv.exe
                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):26624
                                                                                                                              Entropy (8bit):5.895310340516013
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:768:lcX9Nf4ttui0gel9soFdkO66MlPGXmXc/vDTOvk:a38u/FZ6nPxM3DAk
                                                                                                                              MD5:0931ABBF3AED459B1A2138B551B1D3BB
                                                                                                                              SHA1:9EC0296DDAF574A89766A2EC035FC30073863AB0
                                                                                                                              SHA-256:1729A0DC6B80CB7A3C07372B98B10D3C6C613EA645240878E1FDE6A992FA06F1
                                                                                                                              SHA-512:9F970BB4D10B94F525DDDDE307C7DA5E672BBFB3A3866A34B89B56ADA99476724FD690A4396857182749294F67F36DB471A048789FB715D2A7DAF46917FC1947
                                                                                                                              Malicious:false
                                                                                                                              Antivirus:
                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                              Process:C:\Users\user\Desktop\3OQL58yflv.exe
                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):12800
                                                                                                                              Entropy (8bit):4.967737129255606
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:192:dMpWt/1nCuqaL0kt7TsEx2fiTgDZqGF0T7cqgkLgJ:k/k1Ts64DDJyBgkLg
                                                                                                                              MD5:5F057A380BACBA4EF59C0611549C0E02
                                                                                                                              SHA1:4B758D18372D71F0AA38075F073722A55B897F71
                                                                                                                              SHA-256:BCB14DAC6C87C24269D3E60C46B49EFFB1360F714C353318F5BBAA48C79EC290
                                                                                                                              SHA-512:E1C99E224745B86EE55822C1DBCB4555A11EC31B72D87B46514917EB61E0258A1C6D38C4F592969C17EB4F0F74DA04BCECA31CF1622720E95F0F20E9631792E8
                                                                                                                              Malicious:false
                                                                                                                              Antivirus:
                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                              Process:C:\Users\user\Desktop\3OQL58yflv.exe
                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):13312
                                                                                                                              Entropy (8bit):5.007867576025166
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:192:bMt/1nCuqaL0ktPH0T7fwtF4zDn2rGacqgRGd:1/kpU3Yv4zDXqgRGd
                                                                                                                              MD5:49BCA1B7DF076D1A550EE1B7ED3BD997
                                                                                                                              SHA1:47609C7102F5B1BCA16C6BAD4AE22CE0B8AEE9E9
                                                                                                                              SHA-256:49E15461DCB76690139E71E9359F7FCF92269DCCA78E3BFE9ACB90C6271080B2
                                                                                                                              SHA-512:8574D7FA133B72A4A8D1D7D9FDB61053BC88C2D238B7AC7D519BE19972B658C44EA1DE433885E3206927C75DD5D1028F74999E048AB73189585B87630F865466
                                                                                                                              Malicious:false
                                                                                                                              Antivirus:
                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                              Process:C:\Users\user\Desktop\3OQL58yflv.exe
                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):15872
                                                                                                                              Entropy (8bit):5.226023387740053
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:384:rfRKTN+HLjRskTdf4WazSTkwjEvuY2bylHDiYIgovg:mcHfRl5pauoSjy5DiE
                                                                                                                              MD5:CB5CFDD4241060E99118DEEC6C931CCC
                                                                                                                              SHA1:1E7FED96CF26C9F4730A4621CA9D18CECE3E0BCE
                                                                                                                              SHA-256:A8F809B6A417AF99B75EEEEA3ECD16BDA153CBDA4FFAB6E35CE1E8C884D899C4
                                                                                                                              SHA-512:8A89E3563C14B81353D251F9F019D8CBF07CB98F78452B8522413C7478A0D77B9ABF2134E4438145D6363CDA39721D2BAE8AD13D1CDACCBB5026619D95F931CF
                                                                                                                              Malicious:false
                                                                                                                              Antivirus:
                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                              Process:C:\Users\user\Desktop\3OQL58yflv.exe
                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):14848
                                                                                                                              Entropy (8bit):5.262055670423592
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:192:C/ZN2eq/b04PAHH41F6fnVS0sVn+5CA5Z1cD66WGcqgFjLg:vI4IHHaQfSVnCZyDImgFjLg
                                                                                                                              MD5:18D2D96980802189B23893820714DA90
                                                                                                                              SHA1:5DEE494D25EB79038CBC2803163E2EF69E68274C
                                                                                                                              SHA-256:C2FD98C677436260ACB9147766258CB99780A007114AED37C87893DF1CF1A717
                                                                                                                              SHA-512:0317B65D8F292332C5457A6B15A77548BE5B2705F34BB8F4415046E3E778580ABD17B233E6CC2755C991247E0E65B27B5634465646715657B246483817CACEB7
                                                                                                                              Malicious:false
                                                                                                                              Antivirus:
                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                              Process:C:\Users\user\Desktop\3OQL58yflv.exe
                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):36352
                                                                                                                              Entropy (8bit):5.913843738203007
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:384:dspbXtHQY4ubrttQza9CHnZXQsnecAlOF0qZLAXxQI3Sya6XPpMg3Yx8MnDcCPSq:7Y44UagH6cAFCLUSYpMg3YDzPo5kG9G
                                                                                                                              MD5:EF472BA63FD22922CA704B1E7B95A29E
                                                                                                                              SHA1:700B68E7EF95514D5E94D3C6B10884E1E187ACD8
                                                                                                                              SHA-256:66EEF4E6E0CEEEF2C23A758BFBEDAE7C16282FC93D0A56ACAFC40E871AC3F01C
                                                                                                                              SHA-512:DC2060531C4153C43ABF30843BCB5F8FA082345CA1BB57F9AC8695EDDB28FF9FDA8132B6B6C67260F779D95FCADCAE2811091BCA300AB1E041FAE6CC7B50ABD8
                                                                                                                              Malicious:false
                                                                                                                              Antivirus:
                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                              Process:C:\Users\user\Desktop\3OQL58yflv.exe
                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):12288
                                                                                                                              Entropy (8bit):4.735350805948923
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:192:rhsC3eqv6b0q3OQ3rHu5bc64OhD2I/p3cqgONLg:r/Hq3jHuY64OhDJJgONLg
                                                                                                                              MD5:3B1CE70B0193B02C437678F13A335932
                                                                                                                              SHA1:063BFD5A32441ED883409AAD17285CE405977D1F
                                                                                                                              SHA-256:EB2950B6A2185E87C5318B55132DFE5774A5A579259AB50A7935A7FB143EA7B1
                                                                                                                              SHA-512:0E02187F17DFCFD323F2F0E62FBFE35F326DCF9F119FC8B15066AFAEEE4EB7078184BC85D571B555E9E67A2DD909EC12D8A67E3D075E9B1283813EF274E05C0D
                                                                                                                              Malicious:false
                                                                                                                              Antivirus:
                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                              Process:C:\Users\user\Desktop\3OQL58yflv.exe
                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):22528
                                                                                                                              Entropy (8bit):5.705606408072877
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:384:19BcRxBmau38CYIl9bhgIW0mvufueNr359/tjGGDEFSegqrA:NcRy38J+9dmvufFtaGDV
                                                                                                                              MD5:FF33C306434DEC51D39C7BF1663E25DA
                                                                                                                              SHA1:665FCF47501F1481534597C1EAC2A52886EF0526
                                                                                                                              SHA-256:D0E3B6A2D0E073B2D9F0FCDB051727007943A17A4CA966D75EBA37BECDBA6152
                                                                                                                              SHA-512:66A909DC9C3B7BD4050AA507CD89B0B3A661C85D33C881522EC9568744953B698722C1CBFF093F9CBCD6119BD527FECAB05A67F2E32EC479BE47AFFA4377362C
                                                                                                                              Malicious:false
                                                                                                                              Antivirus:
                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                              Process:C:\Users\user\Desktop\3OQL58yflv.exe
                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):70656
                                                                                                                              Entropy (8bit):6.0189903352673655
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:1536:Jfju4GgRMgWWnEDZiECgd/iwOXUQdbhov0Clb8Cx4hpK8ithLFIDullRPwDHxXOa:pXRMgWiEDZiECgd/iwOXUQdbhov0ClbU
                                                                                                                              MD5:F267BF4256F4105DAD0D3E59023011ED
                                                                                                                              SHA1:9BC6CA0F375CE49D5787C909D290C07302F58DA6
                                                                                                                              SHA-256:1DDE8BE64164FF96B2BAB88291042EB39197D118422BEE56EB2846E7A2D2F010
                                                                                                                              SHA-512:A335AF4DBF1658556ED5DC13EE741419446F7DAEC6BD2688B626A803FA5DD76463D6367C224E0B79B17193735E2C74BA417C26822DAEEF05AC3BAB1588E2DE83
                                                                                                                              Malicious:false
                                                                                                                              Antivirus:
                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                              Process:C:\Users\user\Desktop\3OQL58yflv.exe
                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):770560
                                                                                                                              Entropy (8bit):7.613224993327352
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:12288:XtIrHoxJ8gf1266y8IXhJvCKAmqVLzcrZgYIMGv1iLD9yQvG6h:XtIrHoxJFf1p34hcrn5Go9yQO6
                                                                                                                              MD5:1EFD7F7CB1C277416011DE6F09C355AF
                                                                                                                              SHA1:C0F97652AC2703C325AB9F20826A6F84C63532F2
                                                                                                                              SHA-256:AB45FA80A68DB1635D41DC1A4AAD980E6716DAC8C1778CB5F30CDB013B7DF6E6
                                                                                                                              SHA-512:2EC4B88A1957733043BBD63CEAA6F5643D446DB607B3267FAD1EC611E6B0AF697056598AAC2AE5D44AB2B9396811D183C32BCE5A0FF34E583193A417D1C5226B
                                                                                                                              Malicious:false
                                                                                                                              Antivirus:
                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                              Process:C:\Users\user\Desktop\3OQL58yflv.exe
                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):26112
                                                                                                                              Entropy (8bit):5.8551858881598795
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:384:BczadRwoF2MZ81n0XTyMCYIl9bhgIW0mv8aeadRcwRwftjGLD2pRQNgQQ77k:2udRf2MuMJ+9dmv8aea34taLDcfQ
                                                                                                                              MD5:C5FB377F736ED731B5578F57BB765F7A
                                                                                                                              SHA1:5BA51E11F4DE1CAEDEBA0F7D4D10EC62EC109E01
                                                                                                                              SHA-256:32073DF3D5C85ABCE7D370D6E341EF163A8350F6A9EDC775C39A23856CCFDD53
                                                                                                                              SHA-512:D361BCDAF2C700D5A4AC956D96E00961432C05A1B692FC870DB53A90F233A6D24AA0C3BE99E40BD8E5B7C6C1B2BCDCDCFC545292EF321486FFC71C5EA7203E6A
                                                                                                                              Malicious:false
                                                                                                                              Antivirus:
                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                              Process:C:\Users\user\Desktop\3OQL58yflv.exe
                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):84992
                                                                                                                              Entropy (8bit):6.064677498000638
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:1536:BrYNvxcZeLrIeNs2qkTwe57DsuP45PqAqVDK9agdUiwOXyQdDrov0slb8gx4TBKW:Br4vxcZeLrIeN1TvHsuP45yAqVDK9ag3
                                                                                                                              MD5:8A0C0AA820E98E83AC9B665A9FD19EAF
                                                                                                                              SHA1:6BF5A14E94D81A55A164339F60927D5BF1BAD5C4
                                                                                                                              SHA-256:4EE3D122DCFFE78E6E7E76EE04C38D3DC6A066E522EE9F7AF34A09649A3628B1
                                                                                                                              SHA-512:52496AE7439458DEDB58A65DF9FFDCC3A7F31FC36FE7202FB43570F9BB03ABC0565F5EF32E5E6C048ED3EBC33018C19712E58FF43806119B2FB5918612299E7E
                                                                                                                              Malicious:false
                                                                                                                              Antivirus:
                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                              Process:C:\Users\user\Desktop\3OQL58yflv.exe
                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):10240
                                                                                                                              Entropy (8bit):4.675380950473425
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:96:frQRpBddzAvzrqTOy/ThIz014mlxuLnkC75JiSBhsPeSztllIDpqf4AZaRcX6gnO:Qddz2KTnThIz0qfteRIDgRWcqgnCWt
                                                                                                                              MD5:44B930B89CE905DB4716A548C3DB8DEE
                                                                                                                              SHA1:948CBFF12A243C8D17A7ACD3C632EE232DF0F0ED
                                                                                                                              SHA-256:921C2D55179C0968535B20E9FD7AF55AD29F4CE4CF87A90FE258C257E2673AA5
                                                                                                                              SHA-512:79DF755BE8B01D576557A4CB3F3200E5EE1EDE21809047ABB9FF8D578C535AC1EA0277EDA97109839A7607AF043019F2C297E767441C7E11F81FDC87FD1B6EFC
                                                                                                                              Malicious:false
                                                                                                                              Antivirus:
                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                              Process:C:\Users\user\Desktop\3OQL58yflv.exe
                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):10240
                                                                                                                              Entropy (8bit):4.625428549874022
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:96:flipBddzAvzrqTOy/ThIz014mlxuLnkC75JiSBhsPeSzteXuDVZqYNIfcX6gHCWx:Cddz2KTnThIz0qfteR5DVwYkcqgHCWt
                                                                                                                              MD5:F24F9356A6BDD29B9EF67509A8BC3A96
                                                                                                                              SHA1:A26946E938304B4E993872C6721EB8CC1DCBE43B
                                                                                                                              SHA-256:034BB8EFE3068763D32C404C178BD88099192C707A36F5351F7FDB63249C7F81
                                                                                                                              SHA-512:C4D3F92D7558BE1A714388C72F5992165DD7A9E1B4FA83B882536030542D93FDAD9148C981F76FFF7868192B301AC9256EDB8C3D5CE5A1A2ACAC183F96C1028B
                                                                                                                              Malicious:false
                                                                                                                              Antivirus:
                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                              Process:C:\Users\user\Desktop\3OQL58yflv.exe
                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):119192
                                                                                                                              Entropy (8bit):6.6016214745004635
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:1536:+qvQ1Dj2DkX7OcujarvmdlYNABCmgrP4ddbkZIecbWcFML/UXzlghzdMFw84hzk:+qvQ1D2CreiABCmgYecbWVLUD6h+b4ho
                                                                                                                              MD5:BE8DBE2DC77EBE7F88F910C61AEC691A
                                                                                                                              SHA1:A19F08BB2B1C1DE5BB61DAF9F2304531321E0E40
                                                                                                                              SHA-256:4D292623516F65C80482081E62D5DADB759DC16E851DE5DB24C3CBB57B87DB83
                                                                                                                              SHA-512:0DA644472B374F1DA449A06623983D0477405B5229E386ACCADB154B43B8B083EE89F07C3F04D2C0C7501EAD99AD95AECAA5873FF34C5EEB833285B598D5A655
                                                                                                                              Malicious:false
                                                                                                                              Antivirus:
                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                              Process:C:\Users\user\Desktop\3OQL58yflv.exe
                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):84760
                                                                                                                              Entropy (8bit):6.58578024183428
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:1536:ES7z7Sj2u5ia5ifC83zYLzbCK8CkotIpCVF7SyTUxIS:/7z+jw3MzCNCkotIpCVF+
                                                                                                                              MD5:90F58F625A6655F80C35532A087A0319
                                                                                                                              SHA1:D4A7834201BD796DC786B0EB923F8EC5D60F719B
                                                                                                                              SHA-256:BD8621FCC901FA1DE3961D93184F61EA71068C436794AF2A4449738CCF949946
                                                                                                                              SHA-512:B5BB1ECC195700AD7BEA5B025503EDD3770B1F845F9BEEE4B067235C4E63496D6E0B19BDD2A42A1B6591D1131A2DC9F627B2AE8036E294300BB6983ECD644DC8
                                                                                                                              Malicious:false
                                                                                                                              Antivirus:
                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                              Process:C:\Users\user\Desktop\3OQL58yflv.exe
                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):125208
                                                                                                                              Entropy (8bit):6.126925801052556
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:3072:PGTMA4TPG40srrYLGNyf/ECZGKgyWLRECBIpLPIuE:Otgp0swLvf/EKCkE
                                                                                                                              MD5:452305C8C5FDA12F082834C3120DB10A
                                                                                                                              SHA1:9BAB7B3FD85B3C0F2BEDC3C5ADB68B2579DAA6E7
                                                                                                                              SHA-256:543CE9D6DC3693362271A2C6E7D7FC07AD75327E0B0322301DD29886467B0B0E
                                                                                                                              SHA-512:3D52AFDBC8DA74262475ABC8F81415A0C368BE70DBF5B2BD87C9C29CA3D14C44770A5B8B2E7C082F3ECE0FD2BA1F98348A04B106A48D479FA6BD062712BE8F7C
                                                                                                                              Malicious:false
                                                                                                                              Antivirus:
                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                              Process:C:\Users\user\Desktop\3OQL58yflv.exe
                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):253208
                                                                                                                              Entropy (8bit):6.560002521238215
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:6144:kgd/2mZLgPFIY9qWM53pLW1AepppzoeteKU:JZLgPykeKU
                                                                                                                              MD5:F78F9855D2A7CA940B6BE51D68B80BF2
                                                                                                                              SHA1:FD8AF3DBD7B0EA3DE2274517C74186CB7CD81A05
                                                                                                                              SHA-256:D4AE192BBD4627FC9487A2C1CD9869D1B461C20CFD338194E87F5CF882BBED12
                                                                                                                              SHA-512:6B68C434A6F8C436D890D3C1229D332BD878E5777C421799F84D79679E998B95D2D4A013B09F50C5DE4C6A85FCCEB796F3C486E36A10CBAC509A0DA8D8102B18
                                                                                                                              Malicious:false
                                                                                                                              Antivirus:
                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                              Process:C:\Users\user\Desktop\3OQL58yflv.exe
                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):65816
                                                                                                                              Entropy (8bit):6.242721496157571
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:1536:uElYij3wzR1lBafLEmIRhFIpOIi7SyHqxn:zYdBaTEmghFIpOIiu
                                                                                                                              MD5:8BAEB2BD6E52BA38F445EF71EF43A6B8
                                                                                                                              SHA1:4132F9CD06343EF8B5B60DC8A62BE049AA3270C2
                                                                                                                              SHA-256:6C50C9801A5CAF0BB52B384F9A0D5A4AA182CA835F293A39E8999CF6EDF2F087
                                                                                                                              SHA-512:804A4E19EA622646CEA9E0F8C1E284B7F2D02F3620199FA6930DBDADC654FA137C1E12757F87C3A1A71CEFF9244AA2F598EE70D345469CA32A0400563FE3AA65
                                                                                                                              Malicious:false
                                                                                                                              Antivirus:
                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                              Process:C:\Users\user\Desktop\3OQL58yflv.exe
                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):159512
                                                                                                                              Entropy (8bit):6.8453439550985475
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:3072:kEVLLSVeexIDteznfV9mNoNMuX4mZp7zuNtIpZ1uV:kEVHbeye9YON1buNN
                                                                                                                              MD5:CF8DE1137F36141AFD9FF7C52A3264EE
                                                                                                                              SHA1:AFDE95A1D7A545D913387624EF48C60F23CF4A3F
                                                                                                                              SHA-256:22D10E2D6AD3E3ED3C49EB79AB69A81AAA9D16AECA7F948DA2FE80877F106C16
                                                                                                                              SHA-512:821985FF5BC421BD16B2FA5F77F1F4BF8472D0D1564BC5768E4DBE866EC52865A98356BB3EF23A380058ACD0A25CD5A40A1E0DAE479F15863E48C4482C89A03F
                                                                                                                              Malicious:false
                                                                                                                              Antivirus:
                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                              Process:C:\Users\user\Desktop\3OQL58yflv.exe
                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):35096
                                                                                                                              Entropy (8bit):6.462269556682856
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:768:sgYvrenSE0PcxxQ0zi+m1IpWtz5YiSyvyAMxkEs1:JYTQSCxQ0zlm1IpWt97Sy4xu
                                                                                                                              MD5:C0A06AEBBD57D2420037162FA5A3142B
                                                                                                                              SHA1:1D82BA750128EB51070CDEB0C69AC75117E53B43
                                                                                                                              SHA-256:5673B594E70D1FDAAD3895FC8C3676252B7B675656FB88EF3410BC93BB0E7687
                                                                                                                              SHA-512:DDF2C4D22B2371A8602601A05418EF712E03DEF66E2D8E8814853CDD989ED457EFBD6032F4A4A3E9ECCA9915D99C249DFD672670046461A9FE510A94DA085FBF
                                                                                                                              Malicious:false
                                                                                                                              Antivirus:
                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                              Process:C:\Users\user\Desktop\3OQL58yflv.exe
                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):32536
                                                                                                                              Entropy (8bit):6.46409711645548
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:768:0k+Eq6rf65MoJ/MBIpQUh5YiSyv/AMxkEG:55fhoJEBIpQUP7SynxC
                                                                                                                              MD5:5AA4B057BA2331EED6B4B30F4B3E0D52
                                                                                                                              SHA1:6B9DB113C2882743984C3D8B70EC49FC4A136C23
                                                                                                                              SHA-256:D43DCA0E00C3C11329B68177E967CF5240495C4786F5AFA76AC4F267C3A5CDB9
                                                                                                                              SHA-512:AA5AA3285EA5C177ECA055949C5F550DBD2D2699202A29EFE2077213CBC95FFF2A36D99EECCE249AC04D95BAF149B3D8C557A67FC39EAD3229F0B329E83447B7
                                                                                                                              Malicious:false
                                                                                                                              Antivirus:
                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                              Process:C:\Users\user\Desktop\3OQL58yflv.exe
                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):83224
                                                                                                                              Entropy (8bit):6.336611500173631
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:1536:MUuhDLiJvz76Hl+ZWly+uC69/s+S+pzcHst8/n1IsJHO7sBIpLwfB7SysaZx7:MU6DL4vHAy+uC69/sT+pzus81IwHO7sl
                                                                                                                              MD5:439B3AD279BEFA65BB40ECEBDDD6228B
                                                                                                                              SHA1:D3EA91AE7CAD9E1EBEC11C5D0517132BBC14491E
                                                                                                                              SHA-256:24017D664AF20EE3B89514539345CAAC83ECA34825FCF066A23E8A4C99F73E6D
                                                                                                                              SHA-512:A335E1963BB21B34B21AEF6B0B14BA8908A5343B88F65294618E029E3D4D0143EA978A5FD76D2DF13A918FFAB1E2D7143F5A1A91A35E0CC1145809B15AF273BD
                                                                                                                              Malicious:false
                                                                                                                              Antivirus:
                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                              Process:C:\Users\user\Desktop\3OQL58yflv.exe
                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):177432
                                                                                                                              Entropy (8bit):5.976278188413444
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:3072:ECRW4ljuyKK8vZktW5NP6Xf9N54eNWXvM4VRJNI7IM/cbP7RHs3FJZtIpC7f6:EmfEyKKaZP6Xf92MSV+JZM
                                                                                                                              MD5:6774D6FB8B9E7025254148DC32C49F47
                                                                                                                              SHA1:212E232DA95EC8473EB0304CF89A5BAF29020137
                                                                                                                              SHA-256:2B6F1B1AC47CB7878B62E8D6BB587052F86CA8145B05A261E855305B9CA3D36C
                                                                                                                              SHA-512:5D9247DCE96599160045962AF86FC9E5439F66A7E8D15D1D00726EC1B3B49D9DD172D667380D644D05CB18E45A5419C2594B4BCF5A16EA01542AE4D7D9A05C6E
                                                                                                                              Malicious:false
                                                                                                                              Antivirus:
                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                              Process:C:\Users\user\Desktop\3OQL58yflv.exe
                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):36632
                                                                                                                              Entropy (8bit):6.358330339853201
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:768:6RxnHG7MYGQd0fmdzA77yeutIpCiq5YiSyvtGAMxkENy:6Rxnm7M6dKmdzA77yeutIpCio7SyCxZy
                                                                                                                              MD5:CB0564BC74258CB1320C606917CE5A71
                                                                                                                              SHA1:5B2BFC0D997CC5B7D985BFADDDBFC180CB01F7CF
                                                                                                                              SHA-256:0342916A60A7B39BBD5753D85E1C12A4D6F990499753D467018B21CEFA49CF32
                                                                                                                              SHA-512:43F3AFA9801FCF5574A30F4D3E7AE6AFF65C7716462F9ABA5BC8055887A44BF38FBA121639D8B31427E738752FE3B085D1D924DE2633F4C042433E1960023F38
                                                                                                                              Malicious:false
                                                                                                                              Antivirus:
                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                              Process:C:\Users\user\Desktop\3OQL58yflv.exe
                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):12240
                                                                                                                              Entropy (8bit):6.608323768366966
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:192:KFOWWthWzWf9BvVVWQ4mWqyVT/gqnajKsrCS81:uZWthWeN01IlGsrCt
                                                                                                                              MD5:07EBE4D5CEF3301CCF07430F4C3E32D8
                                                                                                                              SHA1:3B878B2B2720915773F16DBA6D493DAB0680AC5F
                                                                                                                              SHA-256:8F8B79150E850ACC92FD6AAB614F6E3759BEA875134A62087D5DD65581E3001F
                                                                                                                              SHA-512:6C7E4DF62EBAE9934B698F231CF51F54743CF3303CD758573D00F872B8ECC2AF1F556B094503AAE91100189C0D0A93EAF1B7CAFEC677F384A1D7B4FDA2EEE598
                                                                                                                              Malicious:false
                                                                                                                              Antivirus:
                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                              Process:C:\Users\user\Desktop\3OQL58yflv.exe
                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):11736
                                                                                                                              Entropy (8bit):6.6074868843808785
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:192:PUWthW6Wf9BvVVWQ4SWZifvXqnajJ6HNbLet:MWthW3NhXll6HZm
                                                                                                                              MD5:557405C47613DE66B111D0E2B01F2FDB
                                                                                                                              SHA1:DE116ED5DE1FFAA900732709E5E4EEF921EAD63C
                                                                                                                              SHA-256:913EAAA7997A6AEE53574CFFB83F9C9C1700B1D8B46744A5E12D76A1E53376FD
                                                                                                                              SHA-512:C2B326F555B2B7ACB7849402AC85922880105857C616EF98F7FB4BBBDC2CD7F2AF010F4A747875646FCC272AB8AA4CE290B6E09A9896CE1587E638502BD4BEFB
                                                                                                                              Malicious:false
                                                                                                                              Antivirus:
                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                              Process:C:\Users\user\Desktop\3OQL58yflv.exe
                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):11728
                                                                                                                              Entropy (8bit):6.622854484071805
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:192:tlWthWFWf9BvVVWQ4mWIzWLiP+CjAWqnajKsNb7:/WthWANnWLiP+CcWlGsNb7
                                                                                                                              MD5:624401F31A706B1AE2245EB19264DC7F
                                                                                                                              SHA1:8D9DEF3750C18DDFC044D5568E3406D5D0FB9285
                                                                                                                              SHA-256:58A8D69DF60ECBEE776CD9A74B2A32B14BF2B0BD92D527EC5F19502A0D3EB8E9
                                                                                                                              SHA-512:3353734B556D6EEBC57734827450CE3B34D010E0C033E95A6E60800C0FDA79A1958EBF9053F12054026525D95D24EEC541633186F00F162475CEC19F07A0D817
                                                                                                                              Malicious:false
                                                                                                                              Antivirus:
                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                              Process:C:\Users\user\Desktop\3OQL58yflv.exe
                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):11728
                                                                                                                              Entropy (8bit):6.670771733256744
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:192:1mxD3+HWthWiWf9BvVVWQ4WWuhD7DiqnajKswz3:19HWthWfN/GlGswz3
                                                                                                                              MD5:2DB5666D3600A4ABCE86BE0099C6B881
                                                                                                                              SHA1:63D5DDA4CEC0076884BC678C691BDD2A4FA1D906
                                                                                                                              SHA-256:46079C0A1B660FC187AAFD760707F369D0B60D424D878C57685545A3FCE95819
                                                                                                                              SHA-512:7C6E1E022DB4217A85A4012C8E4DAEE0A0F987E4FBA8A4C952424EF28E250BAC38B088C242D72B4641157B7CC882161AEFA177765A2E23AFCDC627188A084345
                                                                                                                              Malicious:false
                                                                                                                              Antivirus:
                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                              Process:C:\Users\user\Desktop\3OQL58yflv.exe
                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):15328
                                                                                                                              Entropy (8bit):6.561472518225768
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:192:RaNYPvVX8rFTsoWthWgWf9BvVVWQ4SWfMaPOoI80Hy5qnajslBE87QyX:HPvVXqWthWlN2WlslEE87Qw
                                                                                                                              MD5:0F7D418C05128246AFA335A1FB400CB9
                                                                                                                              SHA1:F6313E371ED5A1DFFE35815CC5D25981184D0368
                                                                                                                              SHA-256:5C9BC70586AD538B0DF1FCF5D6F1F3527450AE16935AA34BD7EB494B4F1B2DB9
                                                                                                                              SHA-512:7555D9D3311C8622DF6782748C2186A3738C4807FC58DF2F75E539729FC4069DB23739F391950303F12E0D25DF9F065B4C52E13B2EBB6D417CA4C12CFDECA631
                                                                                                                              Malicious:false
                                                                                                                              Antivirus:
                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                              Process:C:\Users\user\Desktop\3OQL58yflv.exe
                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):11728
                                                                                                                              Entropy (8bit):6.638884356866373
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:192:jlWaWthWAWf9BvVVWQ4WWloprVP+CjAWqnajKsNWqL:jIaWthWFNxtVP+CcWlGsNxL
                                                                                                                              MD5:5A72A803DF2B425D5AAFF21F0F064011
                                                                                                                              SHA1:4B31963D981C07A7AB2A0D1A706067C539C55EC5
                                                                                                                              SHA-256:629E52BA4E2DCA91B10EF7729A1722888E01284EED7DDA6030D0A1EC46C94086
                                                                                                                              SHA-512:BF44997C405C2BA80100EB0F2FF7304938FC69E4D7AE3EAC52B3C236C3188E80C9F18BDA226B5F4FDE0112320E74C198AD985F9FFD7CEA99ACA22980C39C7F69
                                                                                                                              Malicious:false
                                                                                                                              Antivirus:
                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                              Process:C:\Users\user\Desktop\3OQL58yflv.exe
                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):11744
                                                                                                                              Entropy (8bit):6.744400973311854
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:96:imdzvQzEWthWwMVDEs3f0DHDsVBIwgmqvrnDD0ADEs3TDL2L4m2grMWaLN5DEs3r:v3WthWyWf9BvVVWQ4SWVVFJqqnajW2y
                                                                                                                              MD5:721B60B85094851C06D572F0BD5D88CD
                                                                                                                              SHA1:4D0EE4D717AEB9C35DA8621A545D3E2B9F19B4E7
                                                                                                                              SHA-256:DAC867476CAA42FF8DF8F5DFE869FFD56A18DADEE17D47889AFB69ED6519AFBF
                                                                                                                              SHA-512:430A91FCECDE4C8CC4AC7EB9B4C6619243AB244EE88C34C9E93CA918E54BD42B08ACA8EA4475D4C0F5FA95241E4AACB3206CBAE863E92D15528C8E7C9F45601B
                                                                                                                              Malicious:false
                                                                                                                              Process:C:\Users\user\Desktop\3OQL58yflv.exe
                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):11736
                                                                                                                              Entropy (8bit):6.638488013343178
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:192:frWthWFWf9BvVVWQ4SWNOfvXqnajJ6H4WJ:frWthWANRXll6H4WJ
                                                                                                                              MD5:D1DF480505F2D23C0B5C53DF2E0E2A1A
                                                                                                                              SHA1:207DB9568AFD273E864B05C87282987E7E81D0BA
                                                                                                                              SHA-256:0B3DFB8554EAD94D5DA7859A12DB353942406F9D1DFE3FAC3D48663C233EA99D
                                                                                                                              SHA-512:F14239420F5DD84A15FF5FCA2FAD81D0AA9280C566FA581122A018E10EBDF308AC0BF1D3FCFC08634C1058C395C767130C5ABCA55540295C68DF24FFD931CA0A
                                                                                                                              Malicious:false
                                                                                                                              Process:C:\Users\user\Desktop\3OQL58yflv.exe
                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):12256
                                                                                                                              Entropy (8bit):6.588267640761022
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:192:txlkWthW2Wf9BvVVWQ4SWBBBuUgxfzfqnaj0OTWv:txlkWthW7NkIrloFv
                                                                                                                              MD5:73433EBFC9A47ED16EA544DDD308EAF8
                                                                                                                              SHA1:AC1DA1378DD79762C6619C9A63FD1EBE4D360C6F
                                                                                                                              SHA-256:C43075B1D2386A8A262DE628C93A65350E52EAE82582B27F879708364B978E29
                                                                                                                              SHA-512:1C28CC0D3D02D4C308A86E9D0BC2DA88333DFA8C92305EC706F3E389F7BB6D15053040AFD1C4F0AA3383F3549495343A537D09FE882DB6ED12B7507115E5A263
                                                                                                                              Malicious:false
                                                                                                                              Process:C:\Users\user\Desktop\3OQL58yflv.exe
                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):11728
                                                                                                                              Entropy (8bit):6.678828474114903
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:192:4TWthWckWf9BvVVWQ4mWQAyUD7DiqnajKswzjdg:4TWthWcRNqGlGswzji
                                                                                                                              MD5:7C7B61FFA29209B13D2506418746780B
                                                                                                                              SHA1:08F3A819B5229734D98D58291BE4BFA0BEC8F761
                                                                                                                              SHA-256:C23FE8D5C3CA89189D11EC8DF983CC144D168CB54D9EAB5D9532767BCB2F1FA3
                                                                                                                              SHA-512:6E5E3485D980E7E2824665CBFE4F1619B3E61CE3BCBF103979532E2B1C3D22C89F65BCFBDDBB5FE88CDDD096F8FD72D498E8EE35C3C2307BACECC6DEBBC1C97F
                                                                                                                              Malicious:false
                                                                                                                              Process:C:\Users\user\Desktop\3OQL58yflv.exe
                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):12752
                                                                                                                              Entropy (8bit):6.602852377056617
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:192:Us13vuBL3B5LoWthW7Wf9BvVVWQ4mWgB7OQP+CjAWqnajKsN9arO:Us13vuBL3B2WthWmNVXP+CcWlGsN9P
                                                                                                                              MD5:6D0550D3A64BD3FD1D1B739133EFB133
                                                                                                                              SHA1:C7596FDE7EA1C676F0CC679CED8BA810D15A4AFE
                                                                                                                              SHA-256:F320F9C0463DE641B396CE7561AF995DE32211E144407828B117088CF289DF91
                                                                                                                              SHA-512:5DA9D490EF54A1129C94CE51349399B9012FC0D4B575AE6C9F1BAFCFCF7F65266F797C539489F882D4AD924C94428B72F5137009A851ECB541FE7FB9DE12FEB2
                                                                                                                              Malicious:false
                                                                                                                              Process:C:\Users\user\Desktop\3OQL58yflv.exe
                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):14800
                                                                                                                              Entropy (8bit):6.528059454770997
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:384:On2OMw3zdp3bwjGfue9/0jCRrndbZWWthWdNHhfVlGsSH:/OMwBprwjGfue9/0jCRrndbLEKv
                                                                                                                              MD5:1ED0B196AB58EDB58FCF84E1739C63CE
                                                                                                                              SHA1:AC7D6C77629BDEE1DF7E380CC9559E09D51D75B7
                                                                                                                              SHA-256:8664222823E122FCA724620FD8B72187FC5336C737D891D3CEF85F4F533B8DE2
                                                                                                                              SHA-512:E1FA7F14F39C97AAA3104F3E13098626B5F7CFD665BA52DCB2312A329639AAF5083A9177E4686D11C4213E28ACC40E2C027988074B6CC13C5016D5C5E9EF897B
                                                                                                                              Malicious:false
                                                                                                                              Process:C:\Users\user\Desktop\3OQL58yflv.exe
                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):12240
                                                                                                                              Entropy (8bit):6.659218747104705
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:192:2E+tWthWvWf9BvVVWQ4mWxHD7DiqnajKswzGIAf:T+tWthWiNcGlGswzLAf
                                                                                                                              MD5:721BAEA26A27134792C5CCC613F212B2
                                                                                                                              SHA1:2A27DCD2436DF656A8264A949D9CE00EAB4E35E8
                                                                                                                              SHA-256:5D9767D8CCA0FBFD5801BFF2E0C2ADDDD1BAAAA8175543625609ABCE1A9257BD
                                                                                                                              SHA-512:9FD6058407AA95058ED2FDA9D391B7A35FA99395EC719B83C5116E91C9B448A6D853ECC731D0BDF448D1436382EECC1FA9101F73FA242D826CC13C4FD881D9BD
                                                                                                                              Malicious:false
                                                                                                                              Process:C:\Users\user\Desktop\3OQL58yflv.exe
                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):11728
                                                                                                                              Entropy (8bit):6.739082809754283
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:192:vdWthW8Wf9BvVVWQ4mWG2P+CjAWqnajKsNt:lWthWJNUP+CcWlGsNt
                                                                                                                              MD5:B3F887142F40CB176B59E58458F8C46D
                                                                                                                              SHA1:A05948ABA6F58EB99BBAC54FA3ED0338D40CBFAD
                                                                                                                              SHA-256:8E015CDF2561450ED9A0773BE1159463163C19EAB2B6976155117D16C36519DA
                                                                                                                              SHA-512:7B762319EC58E3FCB84B215AE142699B766FA9D5A26E1A727572EE6ED4F5D19C859EFB568C0268846B4AA5506422D6DD9B4854DA2C9B419BFEC754F547203F7E
                                                                                                                              Malicious:false
                                                                                                                              Process:C:\Users\user\Desktop\3OQL58yflv.exe
                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):12752
                                                                                                                              Entropy (8bit):6.601112204637961
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:192:GFPWthW5Wf9BvVVWQ4mWc0ZD7DiqnajKswzczr:GFPWthWsNiGlGswzq
                                                                                                                              MD5:89F35CB1212A1FD8FBE960795C92D6E8
                                                                                                                              SHA1:061AE273A75324885DD098EE1FF4246A97E1E60C
                                                                                                                              SHA-256:058EB7CE88C22D2FF7D3E61E6593CA4E3D6DF449F984BF251D9432665E1517D1
                                                                                                                              SHA-512:F9E81F1FEAB1535128B16E9FF389BD3DAAAB8D1DABF64270F9E563BE9D370C023DE5D5306DD0DE6D27A5A099E7C073D17499442F058EC1D20B9D37F56BCFE6D2
                                                                                                                              Malicious:false
                                                                                                                              Process:C:\Users\user\Desktop\3OQL58yflv.exe
                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):14288
                                                                                                                              Entropy (8bit):6.521808801015781
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:192:/uUk1Jzb9cKcIzWthWzaWf9BvVVWQ4mWmrcLUVT/gqnajKsrCOV:/bk1JzBcKcIzWthWzXNz1IlGsrCOV
                                                                                                                              MD5:0C933A4B3C2FCF1F805EDD849428C732
                                                                                                                              SHA1:B8B19318DBB1D2B7D262527ABD1468D099DE3FB6
                                                                                                                              SHA-256:A5B733E3DCE21AB62BD4010F151B3578C6F1246DA4A96D51AC60817865648DD3
                                                                                                                              SHA-512:B25ED54345A5B14E06AA9DADD07B465C14C23225023D7225E04FBD8A439E184A7D43AB40DF80E3F8A3C0F2D5C7A79B402DDC6B9093D0D798E612F4406284E39D
                                                                                                                              Malicious:false
                                                                                                                              Process:C:\Users\user\Desktop\3OQL58yflv.exe
                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):12240
                                                                                                                              Entropy (8bit):6.671157737548847
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:192:7oDfIeVWthWZWf9BvVVWQ4mWaHvP+CjAWqnajKsNZ:7oDfIeVWthWMNVP+CcWlGsNZ
                                                                                                                              MD5:7E8B61D27A9D04E28D4DAE0BFA0902ED
                                                                                                                              SHA1:861A7B31022915F26FB49C79AC357C65782C9F4B
                                                                                                                              SHA-256:1EF06C600C451E66E744B2CA356B7F4B7B88BA2F52EC7795858D21525848AC8C
                                                                                                                              SHA-512:1C5B35026937B45BEB76CB8D79334A306342C57A8E36CC15D633458582FC8F7D9AB70ACE7A92144288C6C017F33ECFC20477A04432619B40A21C9CDA8D249F6D
                                                                                                                              Malicious:false
                                                                                                                              Process:C:\Users\user\Desktop\3OQL58yflv.exe
                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):11728
                                                                                                                              Entropy (8bit):6.599056003106114
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:192:gR7WthWTVWf9BvVVWQ4mWg2a5P+CjAWqnajKsNQbWl:gVWthWkN/P+CcWlGsNMg
                                                                                                                              MD5:8D12FFD920314B71F2C32614CC124FEC
                                                                                                                              SHA1:251A98F2C75C2E25FFD0580F90657A3EA7895F30
                                                                                                                              SHA-256:E63550608DD58040304EA85367E9E0722038BA8E7DC7BF9D91C4D84F0EC65887
                                                                                                                              SHA-512:5084C739D7DE465A9A78BCDBB8A3BD063B84A68DCFD3C9EF1BFA224C1CC06580E2A2523FD4696CFC48E9FD068A2C44DBC794DD9BDB43DC74B4E854C82ECD3EA5
                                                                                                                              Malicious:false
                                                                                                                              Process:C:\Users\user\Desktop\3OQL58yflv.exe
                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):12240
                                                                                                                              Entropy (8bit):6.602527553095181
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:192:zGeVfcWthW+Wf9BvVVWQ4mWMiSID7DiqnajKswz5g:zGeVfcWthWjN6SIGlGswza
                                                                                                                              MD5:9FA3FC24186D912B0694A572847D6D74
                                                                                                                              SHA1:93184E00CBDDACAB7F2AD78447D0EAC1B764114D
                                                                                                                              SHA-256:91508AB353B90B30FF2551020E9755D7AB0E860308F16C2F6417DFB2E9A75014
                                                                                                                              SHA-512:95AD31C9082F57EA57F5B4C605331FCAD62735A1862AFB01EF8A67FEA4E450154C1AE0C411CF3AC5B9CD35741F8100409CC1910F69C1B2D807D252389812F594
                                                                                                                              Malicious:false
                                                                                                                              Process:C:\Users\user\Desktop\3OQL58yflv.exe
                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):11728
                                                                                                                              Entropy (8bit):6.6806369134652055
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:192:qyMv0WthWPWf9BvVVWQ4mWIv/r+YVqnajKsSF:qyMv0WthWCNBfVlGsSF
                                                                                                                              MD5:C9CBAD5632D4D42A1BC25CCFA8833601
                                                                                                                              SHA1:09F37353A89F1BFE49F7508559DA2922B8EFEB05
                                                                                                                              SHA-256:F3A7A9C98EBE915B1B57C16E27FFFD4DDF31A82F0F21C06FE292878E48F5883E
                                                                                                                              SHA-512:2412E0AFFDC6DB069DE7BD9666B7BAA1CD76AA8D976C9649A4C2F1FFCE27F8269C9B02DA5FD486EC86B54231B1A5EBF6A1C72790815B7C253FEE1F211086892F
                                                                                                                              Malicious:false
                                                                                                                              Process:C:\Users\user\Desktop\3OQL58yflv.exe
                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):13776
                                                                                                                              Entropy (8bit):6.573983778839785
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:384:miwidv3V0dfpkXc0vVauzIWthWLN3fVlGsStY:nHdv3VqpkXc0vVaKbiYlY
                                                                                                                              MD5:4CCDE2D1681217E282996E27F3D9ED2E
                                                                                                                              SHA1:8EDA134B0294ED35E4BBAC4911DA620301A3F34D
                                                                                                                              SHA-256:D6708D1254ED88A948871771D6D1296945E1AA3AEB7E33E16CC378F396C61045
                                                                                                                              SHA-512:93FE6AE9A947AC88CC5ED78996E555700340E110D12B2651F11956DB7CEE66322C269717D31FCCB31744F4C572A455B156B368F08B70EDA9EFFEC6DE01DBAB23
                                                                                                                              Malicious:false
                                                                                                                              Process:C:\Users\user\Desktop\3OQL58yflv.exe
                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):12240
                                                                                                                              Entropy (8bit):6.7137872023984055
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:192:TtZ3KjWthWzWf9BvVVWQ4mWXU0P+CjAWqnajKsN2v:TtZ3KjWthWeNwP+CcWlGsNa
                                                                                                                              MD5:E86CFC5E1147C25972A5EEFED7BE989F
                                                                                                                              SHA1:0075091C0B1F2809393C5B8B5921586BDD389B29
                                                                                                                              SHA-256:72C639D1AFDA32A65143BCBE016FE5D8B46D17924F5F5190EB04EFE954C1199A
                                                                                                                              SHA-512:EA58A8D5AA587B7F5BDE74B4D394921902412617100ED161A7E0BEF6B3C91C5DAE657065EA7805A152DD76992997017E070F5415EF120812B0D61A401AA8C110
                                                                                                                              Malicious:false
                                                                                                                              Process:C:\Users\user\Desktop\3OQL58yflv.exe
                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):12768
                                                                                                                              Entropy (8bit):6.614330511483598
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:192:vgdKIMFYJWthW2Wf9BvVVWQ4SW2zZ7uUgxfzfqnaj0OGWh:0hJWthW7NBzIrloYh
                                                                                                                              MD5:206ADCB409A1C9A026F7AFDFC2933202
                                                                                                                              SHA1:BB67E1232A536A4D1AE63370BD1A9B5431335E77
                                                                                                                              SHA-256:76D8E4ED946DEEFEEFA0D0012C276F0B61F3D1C84AF00533F4931546CBB2F99E
                                                                                                                              SHA-512:727AA0C4CD1A0B7E2AFFDCED5DA3A0E898E9BAE3C731FF804406AD13864CEE2B27E5BAAC653BAB9A0D2D961489915D4FCAD18557D4383ECB0A066902276955A7
                                                                                                                              Malicious:false
                                                                                                                              Process:C:\Users\user\Desktop\3OQL58yflv.exe
                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):12240
                                                                                                                              Entropy (8bit):6.704366348384627
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:192:Ha2WthWKOWf9BvVVWQ4mWNOrVT/gqnajKsrCkb:Ha2WthWKTNz1IlGsrCo
                                                                                                                              MD5:91A2AE3C4EB79CF748E15A58108409AD
                                                                                                                              SHA1:D402B9DF99723EA26A141BFC640D78EAF0B0111B
                                                                                                                              SHA-256:B0EDA99EABD32FEFECC478FD9FE7439A3F646A864FDAB4EC3C1F18574B5F8B34
                                                                                                                              SHA-512:8527AF610C1E2101B6F336A142B1A85AC9C19BB3AF4AD4A245CFB6FD602DC185DA0F7803358067099475102F3A8F10A834DC75B56D3E6DED2ED833C00AD217ED
                                                                                                                              Malicious:false
                                                                                                                              Process:C:\Users\user\Desktop\3OQL58yflv.exe
                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):11728
                                                                                                                              Entropy (8bit):6.623077637622405
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:192:jWthWYWf9BvVVWQ4mWd8l1P+CjAWqnajKsNeCw:jWthW9NnP+CcWlGsNex
                                                                                                                              MD5:1E4C4C8E643DE249401E954488744997
                                                                                                                              SHA1:DB1C4C0FC907100F204B21474E8CD2DB0135BC61
                                                                                                                              SHA-256:F28A8FE2CD7E8E00B6D2EC273C16DB6E6EEA9B6B16F7F69887154B6228AF981E
                                                                                                                              SHA-512:EF8411FD321C0E363C2E5742312CC566E616D4B0A65EFF4FB6F1B22FDBEA3410E1D75B99E889939FF70AD4629C84CEDC88F6794896428C5F0355143443FDC3A3
                                                                                                                              Malicious:false
                                                                                                                              Process:C:\Users\user\Desktop\3OQL58yflv.exe
                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):12752
                                                                                                                              Entropy (8bit):6.643812426159955
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:192:fSWthWvWf9BvVVWQ4mWFl5P+CjAWqnajKsNifl:aWthWiN+5P+CcWlGsNiN
                                                                                                                              MD5:FA770BCD70208A479BDE8086D02C22DA
                                                                                                                              SHA1:28EE5F3CE3732A55CA60AEE781212F117C6F3B26
                                                                                                                              SHA-256:E677497C1BAEFFFB33A17D22A99B76B7FA7AE7A0C84E12FDA27D9BE5C3D104CF
                                                                                                                              SHA-512:F8D81E350CEBDBA5AFB579A072BAD7986691E9F3D4C9FEBCA8756B807301782EE6EB5BA16B045CFA29B6E4F4696E0554C718D36D4E64431F46D1E4B1F42DC2B8
                                                                                                                              Malicious:false
                                                                                                                              Process:C:\Users\user\Desktop\3OQL58yflv.exe
                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):15824
                                                                                                                              Entropy (8bit):6.438848882089563
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:192:yjQ/w8u4cyNWthWYWf9BvVVWQ4mWhu1BVT/gqnajKsrC74m:8yNWthW9Np1IlGsrCEm
                                                                                                                              MD5:4EC4790281017E616AF632DA1DC624E1
                                                                                                                              SHA1:342B15C5D3E34AB4AC0B9904B95D0D5B074447B7
                                                                                                                              SHA-256:5CF5BBB861608131B5F560CBF34A3292C80886B7C75357ACC779E0BF98E16639
                                                                                                                              SHA-512:80C4E20D37EFF29C7577B2D0ED67539A9C2C228EDB48AB05D72648A6ED38F5FF537715C130342BEB0E3EF16EB11179B9B484303354A026BDA3A86D5414D24E69
                                                                                                                              Malicious:false
                                                                                                                              Process:C:\Users\user\Desktop\3OQL58yflv.exe
                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):12240
                                                                                                                              Entropy (8bit):6.6061629057490245
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:192:vWOPWthWAWf9BvVVWQ4mWWbgftmP+CjAWqnajKsNURPblh:BWthWFN+f8P+CcWlGsNURzv
                                                                                                                              MD5:7A859E91FDCF78A584AC93AA85371BC9
                                                                                                                              SHA1:1FA9D9CAD7CC26808E697373C1F5F32AAF59D6B7
                                                                                                                              SHA-256:B7EE468F5B6C650DADA7DB3AD9E115A0E97135B3DF095C3220DFD22BA277B607
                                                                                                                              SHA-512:A368F21ECA765AFCA86E03D59CF953500770F4A5BFF8B86B2AC53F1B5174C627E061CE9A1F781DC56506774E0D0B09725E9698D4DC2D3A59E93DA7EF3D900887
                                                                                                                              Malicious:false
                                                                                                                              Process:C:\Users\user\Desktop\3OQL58yflv.exe
                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):13776
                                                                                                                              Entropy (8bit):6.65347762698107
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:192:WxSnWlC0i5ClWthWTWf9BvVVWQ4mW+hkKVT/gqnajKsrCw/:WxSnWm5ClWthW+NkK1IlGsrCY
                                                                                                                              MD5:972544ADE7E32BFDEB28B39BC734CDEE
                                                                                                                              SHA1:87816F4AFABBDEC0EC2CFEB417748398505C5AA9
                                                                                                                              SHA-256:7102F8D9D0F3F689129D7FE071B234077FBA4DD3687071D1E2AEAA137B123F86
                                                                                                                              SHA-512:5E1131B405E0C7A255B1C51073AFF99E2D5C0D28FD3E55CABC04D463758A575A954008EA1BA5B4E2B345B49AF448B93AD21DFC4A01573B3CB6E7256D9ECCEEF1
                                                                                                                              Malicious:false
                                                                                                                              Process:C:\Users\user\Desktop\3OQL58yflv.exe
                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):12752
                                                                                                                              Entropy (8bit):6.58394079658593
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:192:YFY17aFBRQWthWIWf9BvVVWQ4mWHhOP+CjAWqnajKsNngJ:YQtWthWNNdP+CcWlGsNI
                                                                                                                              MD5:8906279245F7385B189A6B0B67DF2D7C
                                                                                                                              SHA1:FCF03D9043A2DAAFE8E28DEE0B130513677227E4
                                                                                                                              SHA-256:F5183B8D7462C01031992267FE85680AB9C5B279BEDC0B25AB219F7C2184766F
                                                                                                                              SHA-512:67CAC89AE58CC715976107F3BDF279B1E78945AFD07E6F657E076D78E92EE1A98E3E7B8FEAE295AF5CE35E00C804F3F53A890895BADB1EED32377D85C21672B9
                                                                                                                              Malicious:false
                                                                                                                              Process:C:\Users\user\Desktop\3OQL58yflv.exe
                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):12240
                                                                                                                              Entropy (8bit):6.696904963591775
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:192:m8qWthWLWf9BvVVWQ4WWLXlyBZr+YVqnajKsS1:mlWthWWN0uZfVlGsS1
                                                                                                                              MD5:DD8176E132EEDEA3322443046AC35CA2
                                                                                                                              SHA1:D13587C7CC52B2C6FBCAA548C8ED2C771A260769
                                                                                                                              SHA-256:2EB96422375F1A7B687115B132A4005D2E7D3D5DC091FB0EB22A6471E712848E
                                                                                                                              SHA-512:77CB8C44C8CC8DD29997FBA4424407579AC91176482DB3CF7BC37E1F9F6AA4C4F5BA14862D2F3A9C05D1FDD7CA5A043B5F566BD0E9A9E1ED837DA9C11803B253
                                                                                                                              Malicious:false
                                                                                                                              Process:C:\Users\user\Desktop\3OQL58yflv.exe
                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):20944
                                                                                                                              Entropy (8bit):6.216554714002396
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:384:rQM4Oe59Ckb1hgmLRWthW0N0JBJ1IlGsrC5W:sMq59Bb1jYNABHJc
                                                                                                                              MD5:A6A3D6D11D623E16866F38185853FACD
                                                                                                                              SHA1:FBEADD1E9016908ECCE5753DE1D435D6FCF3D0B5
                                                                                                                              SHA-256:A768339F0B03674735404248A039EC8591FCBA6FF61A3C6812414537BADD23B0
                                                                                                                              SHA-512:ABBF32CEB35E5EC6C1562F9F3B2652B96B7DBD97BFC08D918F987C0EC0503E8390DD697476B2A2389F0172CD8CF16029FD2EC5F32A9BA3688BF2EBEEFB081B2C
                                                                                                                              Malicious:false
                                                                                                                              Process:C:\Users\user\Desktop\3OQL58yflv.exe
                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):12752
                                                                                                                              Entropy (8bit):6.604643094751227
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:192:uFdyqjd7NWthWxWf9BvVVWQ4mW+JZD7DiqnajKswzR1:YQsWthWkNfZGlGswzR1
                                                                                                                              MD5:074B81A625FB68159431BB556D28FAB5
                                                                                                                              SHA1:20F8EAD66D548CFA861BC366BB1250CED165BE24
                                                                                                                              SHA-256:3AF38920E767BD9EBC08F88EAF2D08C748A267C7EC60EAB41C49B3F282A4CF65
                                                                                                                              SHA-512:36388C3EFFA0D94CF626DECAA1DA427801CC5607A2106ABDADF92252C6F6FD2CE5BF0802F5D0A4245A1FFDB4481464C99D60510CF95E83EBAF17BD3D6ACBC3DC
                                                                                                                              Malicious:false
                                                                                                                              Process:C:\Users\user\Desktop\3OQL58yflv.exe
                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):16336
                                                                                                                              Entropy (8bit):6.449023660091811
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:192:eUW9MPrpJhhf4AN5/KihWthWBWf9BvVVWQ4mWRXwsD7DiqnajKswzK:eUZr7HWthWUNkGlGswzK
                                                                                                                              MD5:F1A23C251FCBB7041496352EC9BCFFBE
                                                                                                                              SHA1:BE4A00642EC82465BC7B3D0CC07D4E8DF72094E8
                                                                                                                              SHA-256:D899C2F061952B3B97AB9CDBCA2450290B0F005909DDD243ED0F4C511D32C198
                                                                                                                              SHA-512:31F8C5CD3B6E153073E2E2EDF0CA8072D0F787784F1611A57219349C1D57D6798A3ADBD6942B0F16CEF781634DD8691A5EC0B506DF21B24CB70AEE5523A03FD9
                                                                                                                              Malicious:false
                                                                                                                              Process:C:\Users\user\Desktop\3OQL58yflv.exe
                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):17872
                                                                                                                              Entropy (8bit):6.3934828478655685
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:192:hA2uWYFxEpahDWthWDWf9BvVVWQ4mWR3ir+YVqnajKsSO:hIFVhDWthWONlfVlGsSO
                                                                                                                              MD5:55B2EB7F17F82B2096E94BCA9D2DB901
                                                                                                                              SHA1:44D85F1B1134EE7A609165E9C142188C0F0B17E0
                                                                                                                              SHA-256:F9D3F380023A4C45E74170FE69B32BCA506EE1E1FBE670D965D5B50C616DA0CB
                                                                                                                              SHA-512:0CF0770F5965A83F546253DECFA967D8F85C340B5F6EA220D3CAA14245F3CDB37C53BF8D3DA6C35297B22A3FA88E7621202634F6B3649D7D9C166A221D3456A5
                                                                                                                              Malicious:false
                                                                                                                              Process:C:\Users\user\Desktop\3OQL58yflv.exe
                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):18384
                                                                                                                              Entropy (8bit):6.279474608881223
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:384:jvEvevdv8vPozmVx0C5yguNvZ5VQgx3SbwA7yMVIkFGlPWthWXNjqujGlGswz7:2ozmT5yguNvZ5VQgx3SbwA71IkFFaJft
                                                                                                                              MD5:9B79965F06FD756A5EFDE11E8D373108
                                                                                                                              SHA1:3B9DE8BF6B912F19F7742AD34A875CBE2B5FFA50
                                                                                                                              SHA-256:1A916C0DB285DEB02C0B9DF4D08DAD5EA95700A6A812EA067BD637A91101A9F6
                                                                                                                              SHA-512:7D4155C00D65C3554E90575178A80D20DC7C80D543C4B5C4C3F508F0811482515638FE513E291B82F958B4D7A63C9876BE4E368557B07FF062961197ED4286FB
                                                                                                                              Malicious:false
                                                                                                                              Process:C:\Users\user\Desktop\3OQL58yflv.exe
                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):14288
                                                                                                                              Entropy (8bit):6.547753630184197
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:192:ENDCWthWHWf9BvVVWQ4mWG5xqcVT/gqnajKsrC/V:TWthW6N/xqc1IlGsrC/V
                                                                                                                              MD5:1D48A3189A55B632798F0E859628B0FB
                                                                                                                              SHA1:61569A8E4F37ADC353986D83EFC90DC043CDC673
                                                                                                                              SHA-256:B56BC94E8539603DD2F0FEA2F25EFD17966315067442507DB4BFFAFCBC2955B0
                                                                                                                              SHA-512:47F329102B703BFBB1EBAEB5203D1C8404A0C912019193C93D150A95BB0C5BA8DC101AC56D3283285F9F91239FC64A66A5357AFE428A919B0BE7194BADA1F64F
                                                                                                                              Malicious:false
                                                                                                                              Process:C:\Users\user\Desktop\3OQL58yflv.exe
                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):12240
                                                                                                                              Entropy (8bit):6.686357863452704
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:192:ZjfHQdufWthWCWf9BvVVWQ4mWMlUteSP+CjAWqnajKsN0c:ZfZWthW/Nd4P+CcWlGsN0c
                                                                                                                              MD5:DBC27D384679916BA76316FB5E972EA6
                                                                                                                              SHA1:FB9F021F2220C852F6FF4EA94E8577368F0616A4
                                                                                                                              SHA-256:DD14133ADF5C534539298422F6C4B52739F80ACA8C5A85CA8C966DEA9964CEB1
                                                                                                                              SHA-512:CC0D8C56749CCB9D007B6D3F5C4A8F1D4E368BB81446EBCD7CC7B40399BBD56D0ACABA588CA172ECB7472A8CBDDBD4C366FFA38094A832F6D7E343B813BA565E
                                                                                                                              Malicious:false
                                                                                                                              Process:C:\Users\user\Desktop\3OQL58yflv.exe
                                                                                                                              File Type:Zip archive data, at least v2.0 to extract, compression method=store
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):1332005
                                                                                                                              Entropy (8bit):5.586288557050693
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:12288:uttcY+bStOmgRF1+fYNXPh26UZWAzCu7joqYnhjHgkVHdmmPnHz1d1YgCCaYcet:uttcY+UHCiCAd+cqHdmmPHzqEaYcet
                                                                                                                              MD5:CCEE0EA5BA04AA4FCB1D5A19E976B54F
                                                                                                                              SHA1:F7A31B2223F1579DA1418F8BFE679AD5CB8A58F5
                                                                                                                              SHA-256:EEB7F0B3E56B03454868411D5F62F23C1832C27270CEE551B9CA7D9D10106B29
                                                                                                                              SHA-512:4F29AC5DF211FEF941BD953C2D34CB0C769FB78475494746CB584790D9497C02BE35322B0C8F5C14FE88D4DD722733EDA12496DB7A1200224A014043F7D59166
                                                                                                                              Malicious:false
                                                                                                                              Process:C:\Users\user\Desktop\3OQL58yflv.exe
                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):5162776
                                                                                                                              Entropy (8bit):5.958207976652471
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:98304:S3+FRtLtlVriXpshX179Cahd4tC9P1+1CPwDvt3uFlDCi:ASRtLtvd99Cahd4tC9w1CPwDvt3uFlDz
                                                                                                                              MD5:51E8A5281C2092E45D8C97FBDBF39560
                                                                                                                              SHA1:C499C810ED83AAADCE3B267807E593EC6B121211
                                                                                                                              SHA-256:2A234B5AA20C3FAECF725BBB54FB33F3D94543F78FA7045408E905593E49960A
                                                                                                                              SHA-512:98B91719B0975CB38D3B3C7B6F820D184EF1B64D38AD8515BE0B8B07730E2272376B9E51631FE9EFD9B8A1709FEA214CF3F77B34EEB9FD282EB09E395120E7CB
                                                                                                                              Malicious:false
                                                                                                                              Process:C:\Users\user\Desktop\3OQL58yflv.exe
                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):39696
                                                                                                                              Entropy (8bit):6.641880464695502
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:768:NiQfxQemQJNrPN+moyijAc5YiSyvkIPxWEqG:dfxIQvPkmoyijP7SytPxF
                                                                                                                              MD5:0F8E4992CA92BAAF54CC0B43AACCCE21
                                                                                                                              SHA1:C7300975DF267B1D6ADCBAC0AC93FD7B1AB49BD2
                                                                                                                              SHA-256:EFF52743773EB550FCC6CE3EFC37C85724502233B6B002A35496D828BD7B280A
                                                                                                                              SHA-512:6E1B223462DC124279BFCA74FD2C66FE18B368FFBCA540C84E82E0F5BCBEA0E10CC243975574FA95ACE437B9D8B03A446ED5EE0C9B1B094147CEFAF704DFE978
                                                                                                                              Malicious:false
                                                                                                                              Process:C:\Users\user\Desktop\3OQL58yflv.exe
                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):790296
                                                                                                                              Entropy (8bit):5.607732992846443
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:6144:7aO1lo7USZGjweMMHO4+xuVg7gCl2VdhMd1DdwMVn4TERUr3zgKpJJ/wknofFe9A:FkeMKOr97gCAE35gEGzLpwknofFe9XbE
                                                                                                                              MD5:BFC834BB2310DDF01BE9AD9CFF7C2A41
                                                                                                                              SHA1:FB1D601B4FCB29FF1B13B0D2ED7119BD0472205C
                                                                                                                              SHA-256:41AD1A04CA27A7959579E87FBBDA87C93099616A64A0E66260C983381C5570D1
                                                                                                                              SHA-512:6AF473C7C0997F2847EBE7CEE8EF67CD682DEE41720D4F268964330B449BA71398FDA8954524F9A97CC4CDF9893B8BDC7A1CF40E9E45A73F4F35A37F31C6A9C3
                                                                                                                              Malicious:false
                                                                                                                              Process:C:\Users\user\Desktop\3OQL58yflv.exe
                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):67072
                                                                                                                              Entropy (8bit):5.905419806967227
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:1536:BWseNxkc7Xva0Y420G1UD+dS4QBeLmRy:BWkcbi0Y42bUD+dS44eiRy
                                                                                                                              MD5:3CBA71B6BC59C26518DC865241ADD80A
                                                                                                                              SHA1:7E9C609790B1DE110328BBBCBB4CD09B7150E5BD
                                                                                                                              SHA-256:E10B73D6E13A5AE2624630F3D8535C5091EF403DB6A00A2798F30874938EE996
                                                                                                                              SHA-512:3EF7E20E382D51D93C707BE930E12781636433650D0A2C27E109EBEBEBA1F30EA3E7B09AF985F87F67F6B9D2AC6A7A717435F94B9D1585A9EB093A83771B43F2
                                                                                                                              Malicious:false
                                                                                                                              Process:C:\Users\user\Desktop\3OQL58yflv.exe
                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):199448
                                                                                                                              Entropy (8bit):6.385306498353421
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:3072:jJB/b2LOWs5LS04q1uqtF+ai7dYbmdRLjDxKyw6XUWdRBIpLhCujk:dB6yx5LT1gqtF+XGeL/xiBoR4g
                                                                                                                              MD5:E2D1C738D6D24A6DD86247D105318576
                                                                                                                              SHA1:384198F20724E4EDE9E7B68E2D50883C664EEE49
                                                                                                                              SHA-256:CDC09FBAE2F103196215FACD50D108BE3EFF60C8EE5795DCC80BF57A0F120CDF
                                                                                                                              SHA-512:3F9CB64B4456438DEA82A0638E977F233FAF0A08433F01CA87BA65C7E80B0680B0EC3009FA146F02AE1FDCC56271A66D99855D222E77B59A1713CAF952A807DA
                                                                                                                              Malicious:false
                                                                                                                              Process:C:\Users\user\Desktop\3OQL58yflv.exe
                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):68376
                                                                                                                              Entropy (8bit):6.148687003588085
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:768:/BV1EbYGVXq6KC/prVHBN0cW18itCQDFPnOMFn+gikF/nFX14uewjBcCCC0yamM8:pDmF61JFn+/OJBIpL0j7Sy5xH
                                                                                                                              MD5:4038AF0427BCE296CA8F3E98591E0723
                                                                                                                              SHA1:B2975225721959D87996454D049E6D878994CBF2
                                                                                                                              SHA-256:A5BB3EB6FDFD23E0D8B2E4BCCD6016290C013389E06DAAE6CB83964FA69E2A4F
                                                                                                                              SHA-512:DB762442C6355512625B36F112ECA6923875D10AAF6476D79DC6F6FFC9114E8C7757AC91DBCD1FB00014122BC7F656115160CF5D62FA7FA1BA70BC71346C1AD3
                                                                                                                              Malicious:false
                                                                                                                              Process:C:\Users\user\Desktop\3OQL58yflv.exe
                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):7003928
                                                                                                                              Entropy (8bit):5.780799677504345
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:98304:2OUmnjqB6bHMYM3RNgqKutvDHDMiEtYkzuv:2OUmn+MnM3R+qYi3kzuv
                                                                                                                              MD5:48EBFEFA21B480A9B0DBFC3364E1D066
                                                                                                                              SHA1:B44A3A9B8C585B30897DDC2E4249DFCFD07B700A
                                                                                                                              SHA-256:0CC4E557972488EB99EA4AEB3D29F3ADE974EF3BCD47C211911489A189A0B6F2
                                                                                                                              SHA-512:4E6194F1C55B82EE41743B35D749F5D92A955B219DECACF9F1396D983E0F92AE02089C7F84A2B8296A3062AFA3F9C220DA9B7CD9ED01B3315EA4A953B4ECC6CE
                                                                                                                              Malicious:false
                                                                                                                              Process:C:\Users\user\Desktop\3OQL58yflv.exe
                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):30488
                                                                                                                              Entropy (8bit):6.584443317757654
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:384:OyLTFInPLnIloHqP3DT90IBIpQG28HQIYiSy1pCQ5mrUAM+o/8E9VF0NyOYl:hinzfHqv1rBIpQG/5YiSyvkrUAMxkErl
                                                                                                                              MD5:E1604AFE8244E1CE4C316C64EA3AA173
                                                                                                                              SHA1:99704D2C0FA2687997381B65FF3B1B7194220A73
                                                                                                                              SHA-256:74CCA85600E7C17EA6532B54842E26D3CAE9181287CDF5A4A3C50AF4DAB785E5
                                                                                                                              SHA-512:7BF35B1A9DA9F1660F238C2959B3693B7D9D2DA40CF42C6F9EBA2164B73047340D0ADFF8995049A2FE14E149EBA05A5974EEE153BADD9E8450F961207F0B3D42
                                                                                                                              Malicious:false
                                                                                                                              Process:C:\Users\user\Desktop\3OQL58yflv.exe
                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):1035728
                                                                                                                              Entropy (8bit):6.630126944065657
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:24576:EsKxVJ/pRRK0Y/9fCrl4NbpjONcncXEomxvSZX0yp49C:lKxDPHQCrlQBXxw
                                                                                                                              MD5:849959A003FA63C5A42AE87929FCD18B
                                                                                                                              SHA1:D1B80B3265E31A2B5D8D7DA6183146BBD5FB791B
                                                                                                                              SHA-256:6238CBFE9F57C142B75E153C399C478D492252FDA8CB40EE539C2DCB0F2EB232
                                                                                                                              SHA-512:64958DABDB94D21B59254C2F074DB5D51E914DDBC8437452115DFF369B0C134E50462C3FDBBC14B6FA809A6EE19AB2FB83D654061601CC175CDDCB7D74778E09
                                                                                                                              Malicious:false
                                                                                                                              Process:C:\Users\user\Desktop\3OQL58yflv.exe
                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):1137944
                                                                                                                              Entropy (8bit):5.4622357236004175
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:12288:PrEHdcM6hb1CjJ43w9hIpCQvb0QN8MdIEQ+U2BNNmD+99FfciA0:PrEXQCjfk7bPNfv42BN6yzUiA0
                                                                                                                              MD5:FC47B9E23DDF2C128E3569A622868DBE
                                                                                                                              SHA1:2814643B70847B496CBDA990F6442D8FF4F0CB09
                                                                                                                              SHA-256:2A50D629895A05B10A262ACF333E7A4A31DB5CB035B70D14D1A4BE1C3E27D309
                                                                                                                              SHA-512:7C08683820498FDFF5F1703DB4AD94AD15F2AA877D044EDDC4B54D90E7DC162F48B22828CD577C9BB1B56F7C11F777F9785A9DA1867BF8C0F2B6E75DC57C3F53
                                                                                                                              Malicious:false
                                                                                                                              File type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                              Entropy (8bit):7.993999124424823
                                                                                                                              TrID:
                                                                                                                              • Win64 Executable GUI (202006/5) 77.37%
                                                                                                                              • InstallShield setup (43055/19) 16.49%
                                                                                                                              • Win64 Executable (generic) (12005/4) 4.60%
                                                                                                                              • Generic Win/DOS Executable (2004/3) 0.77%
                                                                                                                              • DOS Executable Generic (2002/1) 0.77%
                                                                                                                              File name:3OQL58yflv.exe
                                                                                                                              File size:10'580'892 bytes
                                                                                                                              MD5:6cb409f46ff2c5fff4dccec2daa01c68
                                                                                                                              SHA1:da84249c2f7ec40d36c2cd0771d6587471ef6c8a
                                                                                                                              SHA256:230f90bb0e0b11907854e59e63a040b0524fe3e3d6790d290d6fca8d2e0a73f0
                                                                                                                              SHA512:4aefb8687bface87bfca61da7a150f4e2d876f378365f9f1f36d3ff0ef36b3d8286b0e9beecde946c8cfddaffc32c623e18ef651bb3c0f921a17309393cf9196
                                                                                                                              SSDEEP:196608:VyI9Yi07+K1W903eV4QRZMToEuGxgh858F0ibfUpWYgABAbk9yt8Rpr:z9Yiu+AW+eGQRZMTozGxu8C0ibfcWr+/
                                                                                                                              TLSH:9FB63340F3540DF5EBB6C53B8656851AE332B9222364CAAB2374E2571FAB2425F3DF14
                                                                                                                              Icon Hash:4a464cd47461e179
                                                                                                                              Entrypoint:0x14000c1f0
                                                                                                                              Entrypoint Section:.text
                                                                                                                              Digitally signed:false
                                                                                                                              Imagebase:0x140000000
                                                                                                                              Subsystem:windows gui
                                                                                                                              Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
                                                                                                                              DLL Characteristics:HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
                                                                                                                              Time Stamp:0x676FC5D5 [Sat Dec 28 09:33:09 2024 UTC]
                                                                                                                              TLS Callbacks:
                                                                                                                              CLR (.Net) Version:
                                                                                                                              OS Version Major:5
                                                                                                                              OS Version Minor:2
                                                                                                                              File Version Major:5
                                                                                                                              File Version Minor:2
                                                                                                                              Subsystem Version Major:5
                                                                                                                              Subsystem Version Minor:2
                                                                                                                              Import Hash:1af6c885af093afc55142c2f1761dbe8
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x3cdcc | 0x78 | .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x46000 | 0xf41c | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x42000 | 0x22a4 | .pdata
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x56000 | 0x75c | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x3a330 | 0x1c | .rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x3a1f0 | 0x140 | .rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x2b000 | 0x420 | .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x29c90 | 0x29e00 | 62616acf257019688180f494b4eb78d4 | False | 0.5523087686567164 | data | 6.4831047330596565 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata | 0x2b000 | 0x12bf4 | 0x12c00 | 830b1ac154e0c972c68f932b0f88cf15 | False | 0.5184375 | data | 5.835020431476157 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0x3e000 | 0x3338 | 0xe00 | 99d84572872f2ce8d9bdbc2521e1966e | False | 0.1328125 | Matlab v4 mat-file (little endian) f\324\377\3772\242\337-\231+, text, rows 4294967295, columns 0 | 1.8271683819747706 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.pdata | 0x42000 | 0x22a4 | 0x2400 | 39f0a7d8241a665fc55289b5f9977819 | False | 0.4720052083333333 | data | 5.316391891279308 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
_RDATA | 0x45000 | 0x15c | 0x200 | 624222957a635749731104f8cdf6f9b7 | False | 0.38671875 | data | 2.83326547900447 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.rsrc | 0x46000 | 0xf41c | 0xf600 | c654ab5a3bc06ebf8c554f36c31153c0 | False | 0.8030837144308943 | data | 7.554967714213712 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0x56000 | 0x75c | 0x800 | 4138d4447f190c2657ec208ef31be551 | False | 0.5458984375 | data | 5.240127521097618 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_ICON | 0x46208 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 0 | | | 0.585820895522388
RT_ICON | 0x470b0 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 0 | | | 0.7360108303249098
RT_ICON | 0x47958 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 0 | | | 0.755057803468208
RT_ICON | 0x47ec0 | 0x952c | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | | | 0.9975384937676757
RT_ICON | 0x513ec | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 0 | | | 0.3887966804979253
RT_ICON | 0x53994 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 0 | | | 0.49530956848030017
RT_ICON | 0x54a3c | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 0 | | | 0.7207446808510638
RT_GROUP_ICON | 0x54ea4 | 0x68 | data | | | 0.7019230769230769
RT_MANIFEST | 0x54f0c | 0x50d | XML 1.0 document, ASCII text | | | 0.4694508894044857
DLL | Import
USER32.dll | CreateWindowExW, MessageBoxW, MessageBoxA, SystemParametersInfoW, DestroyIcon, SetWindowLongPtrW, GetWindowLongPtrW, GetClientRect, InvalidateRect, ReleaseDC, GetDC, DrawTextW, GetDialogBaseUnits, EndDialog, DialogBoxIndirectParamW, MoveWindow, SendMessageW
COMCTL32.dll |
KERNEL32.dll | IsValidCodePage, GetStringTypeW, GetFileAttributesExW, HeapReAlloc, FlushFileBuffers, GetCurrentDirectoryW, GetACP, GetOEMCP, GetModuleHandleW, MulDiv, GetLastError, SetDllDirectoryW, GetModuleFileNameW, CreateSymbolicLinkW, GetProcAddress, GetCommandLineW, GetEnvironmentVariableW, GetCPInfo, ExpandEnvironmentStringsW, CreateDirectoryW, GetTempPathW, WaitForSingleObject, Sleep, GetExitCodeProcess, CreateProcessW, GetStartupInfoW, FreeLibrary, LoadLibraryExW, SetConsoleCtrlHandler, FindClose, FindFirstFileExW, CloseHandle, GetCurrentProcess, LocalFree, FormatMessageW, MultiByteToWideChar, WideCharToMultiByte, GetEnvironmentStringsW, FreeEnvironmentStringsW, GetProcessHeap, GetTimeZoneInformation, HeapSize, WriteConsoleW, SetEndOfFile, SetEnvironmentVariableW, RtlUnwindEx, RtlCaptureContext, RtlLookupFunctionEntry, RtlVirtualUnwind, UnhandledExceptionFilter, SetUnhandledExceptionFilter, TerminateProcess, IsProcessorFeaturePresent, QueryPerformanceCounter, GetCurrentProcessId, GetCurrentThreadId, GetSystemTimeAsFileTime, InitializeSListHead, IsDebuggerPresent, SetLastError, EnterCriticalSection, LeaveCriticalSection, DeleteCriticalSection, InitializeCriticalSectionAndSpinCount, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, EncodePointer, RaiseException, RtlPcToFileHeader, GetCommandLineA, CreateFileW, GetDriveTypeW, GetFileInformationByHandle, GetFileType, PeekNamedPipe, SystemTimeToTzSpecificLocalTime, FileTimeToSystemTime, GetFullPathNameW, RemoveDirectoryW, FindNextFileW, SetStdHandle, DeleteFileW, ReadFile, GetStdHandle, WriteFile, ExitProcess, GetModuleHandleExW, HeapFree, GetConsoleMode, ReadConsoleW, SetFilePointerEx, GetConsoleOutputCP, GetFileSizeEx, HeapAlloc, FlsAlloc, FlsGetValue, FlsSetValue, FlsFree, CompareStringW, LCMapStringW
ADVAPI32.dll | OpenProcessToken, GetTokenInformation, ConvertStringSecurityDescriptorToSecurityDescriptorW, ConvertSidToStringSidW
GDI32.dll | SelectObject, DeleteObject, CreateFontIndirectW
Timestamp    Source Port    Dest Port    Source IP    Dest IP
                                                                                                                              Dec 28, 2024 12:09:07.943238020 CET2052949772202.182.125.24192.168.2.4
                                                                                                                              Dec 28, 2024 12:09:07.943327904 CET4977220529192.168.2.4202.182.125.24
                                                                                                                              Dec 28, 2024 12:09:07.944178104 CET4977220529192.168.2.4202.182.125.24
                                                                                                                              Dec 28, 2024 12:09:07.945821047 CET4978320529192.168.2.4202.182.125.24
                                                                                                                              Dec 28, 2024 12:09:08.063649893 CET2052949772202.182.125.24192.168.2.4
                                                                                                                              Dec 28, 2024 12:09:08.065243959 CET2052949783202.182.125.24192.168.2.4
                                                                                                                              Dec 28, 2024 12:09:08.065325022 CET4978320529192.168.2.4202.182.125.24
                                                                                                                              Dec 28, 2024 12:09:10.505322933 CET2052949783202.182.125.24192.168.2.4
                                                                                                                              Dec 28, 2024 12:09:10.505445004 CET4978320529192.168.2.4202.182.125.24
                                                                                                                              Dec 28, 2024 12:09:10.506289959 CET4978320529192.168.2.4202.182.125.24
                                                                                                                              Dec 28, 2024 12:09:10.507930994 CET4978920529192.168.2.4202.182.125.24
                                                                                                                              Dec 28, 2024 12:09:10.625809908 CET2052949783202.182.125.24192.168.2.4
                                                                                                                              Dec 28, 2024 12:09:10.627438068 CET2052949789202.182.125.24192.168.2.4
                                                                                                                              Dec 28, 2024 12:09:10.627533913 CET4978920529192.168.2.4202.182.125.24
                                                                                                                              Dec 28, 2024 12:09:13.118446112 CET2052949789202.182.125.24192.168.2.4
                                                                                                                              Dec 28, 2024 12:09:13.118586063 CET4978920529192.168.2.4202.182.125.24
                                                                                                                              Dec 28, 2024 12:09:13.119551897 CET4978920529192.168.2.4202.182.125.24
                                                                                                                              Dec 28, 2024 12:09:13.121395111 CET4979520529192.168.2.4202.182.125.24
                                                                                                                              Dec 28, 2024 12:09:13.239263058 CET2052949789202.182.125.24192.168.2.4
                                                                                                                              Dec 28, 2024 12:09:13.240998030 CET2052949795202.182.125.24192.168.2.4
                                                                                                                              Dec 28, 2024 12:09:13.241111040 CET4979520529192.168.2.4202.182.125.24
                                                                                                                              Dec 28, 2024 12:09:15.686686993 CET2052949795202.182.125.24192.168.2.4
                                                                                                                              Dec 28, 2024 12:09:15.686811924 CET4979520529192.168.2.4202.182.125.24
                                                                                                                              Dec 28, 2024 12:09:15.687736034 CET4979520529192.168.2.4202.182.125.24
                                                                                                                              Dec 28, 2024 12:09:15.689459085 CET4980120529192.168.2.4202.182.125.24
                                                                                                                              Dec 28, 2024 12:09:15.807254076 CET2052949795202.182.125.24192.168.2.4
                                                                                                                              Dec 28, 2024 12:09:15.809103966 CET2052949801202.182.125.24192.168.2.4
                                                                                                                              Dec 28, 2024 12:09:15.809210062 CET4980120529192.168.2.4202.182.125.24
                                                                                                                              Dec 28, 2024 12:09:18.307899952 CET2052949801202.182.125.24192.168.2.4
                                                                                                                              Dec 28, 2024 12:09:18.308001995 CET4980120529192.168.2.4202.182.125.24
                                                                                                                              Dec 28, 2024 12:09:18.308929920 CET4980120529192.168.2.4202.182.125.24
                                                                                                                              Dec 28, 2024 12:09:18.310653925 CET4980720529192.168.2.4202.182.125.24
                                                                                                                              Dec 28, 2024 12:09:18.428420067 CET2052949801202.182.125.24192.168.2.4
                                                                                                                              Dec 28, 2024 12:09:18.430222034 CET2052949807202.182.125.24192.168.2.4
                                                                                                                              Dec 28, 2024 12:09:18.430313110 CET4980720529192.168.2.4202.182.125.24
                                                                                                                              Dec 28, 2024 12:09:20.868284941 CET2052949807202.182.125.24192.168.2.4
                                                                                                                              Dec 28, 2024 12:09:20.868355989 CET4980720529192.168.2.4202.182.125.24
                                                                                                                              Dec 28, 2024 12:09:20.869225979 CET4980720529192.168.2.4202.182.125.24
                                                                                                                              Dec 28, 2024 12:09:20.870978117 CET4981320529192.168.2.4202.182.125.24
                                                                                                                              Dec 28, 2024 12:09:20.988816023 CET2052949807202.182.125.24192.168.2.4
                                                                                                                              Dec 28, 2024 12:09:20.990552902 CET2052949813202.182.125.24192.168.2.4
                                                                                                                              Dec 28, 2024 12:09:20.992012978 CET4981320529192.168.2.4202.182.125.24
                                                                                                                              Dec 28, 2024 12:09:23.490194082 CET2052949813202.182.125.24192.168.2.4
                                                                                                                              Dec 28, 2024 12:09:23.490284920 CET4981320529192.168.2.4202.182.125.24
                                                                                                                              Dec 28, 2024 12:09:23.491096973 CET4981320529192.168.2.4202.182.125.24
                                                                                                                              Dec 28, 2024 12:09:23.492727041 CET4982120529192.168.2.4202.182.125.24
                                                                                                                              Dec 28, 2024 12:09:23.610483885 CET2052949813202.182.125.24192.168.2.4
                                                                                                                              Dec 28, 2024 12:09:23.612277985 CET2052949821202.182.125.24192.168.2.4
                                                                                                                              Dec 28, 2024 12:09:23.612371922 CET4982120529192.168.2.4202.182.125.24
                                                                                                                              Dec 28, 2024 12:09:26.083734989 CET2052949821202.182.125.24192.168.2.4
                                                                                                                              Dec 28, 2024 12:09:26.083822012 CET4982120529192.168.2.4202.182.125.24
                                                                                                                              Dec 28, 2024 12:09:26.084667921 CET4982120529192.168.2.4202.182.125.24
                                                                                                                              Dec 28, 2024 12:09:26.131993055 CET4982920529192.168.2.4202.182.125.24
                                                                                                                              Dec 28, 2024 12:09:26.204109907 CET2052949821202.182.125.24192.168.2.4
                                                                                                                              Dec 28, 2024 12:09:26.251463890 CET2052949829202.182.125.24192.168.2.4
                                                                                                                              Dec 28, 2024 12:09:26.251554966 CET4982920529192.168.2.4202.182.125.24
                                                                                                                              Dec 28, 2024 12:09:28.655797958 CET2052949829202.182.125.24192.168.2.4
                                                                                                                              Dec 28, 2024 12:09:28.655879021 CET4982920529192.168.2.4202.182.125.24
                                                                                                                              Dec 28, 2024 12:09:28.656744003 CET4982920529192.168.2.4202.182.125.24
                                                                                                                              Dec 28, 2024 12:09:28.658526897 CET4983620529192.168.2.4202.182.125.24
                                                                                                                              Dec 28, 2024 12:09:28.776417017 CET2052949829202.182.125.24192.168.2.4
                                                                                                                              Dec 28, 2024 12:09:28.778347015 CET2052949836202.182.125.24192.168.2.4
                                                                                                                              Dec 28, 2024 12:09:28.778445005 CET4983620529192.168.2.4202.182.125.24
                                                                                                                              Dec 28, 2024 12:09:31.184379101 CET2052949836202.182.125.24192.168.2.4
                                                                                                                              Dec 28, 2024 12:09:31.184458017 CET4983620529192.168.2.4202.182.125.24
                                                                                                                              Dec 28, 2024 12:09:31.191024065 CET4983620529192.168.2.4202.182.125.24
                                                                                                                              Dec 28, 2024 12:09:31.212539911 CET4984220529192.168.2.4202.182.125.24
                                                                                                                              Dec 28, 2024 12:09:31.310497999 CET2052949836202.182.125.24192.168.2.4
                                                                                                                              Dec 28, 2024 12:09:31.332257032 CET2052949842202.182.125.24192.168.2.4
                                                                                                                              Dec 28, 2024 12:09:31.332344055 CET4984220529192.168.2.4202.182.125.24
                                                                                                                              Dec 28, 2024 12:09:33.803750992 CET2052949842202.182.125.24192.168.2.4
                                                                                                                              Dec 28, 2024 12:09:33.806114912 CET4984220529192.168.2.4202.182.125.24
                                                                                                                              Dec 28, 2024 12:09:33.812587023 CET4984220529192.168.2.4202.182.125.24
                                                                                                                              Dec 28, 2024 12:09:33.829375029 CET4984820529192.168.2.4202.182.125.24
                                                                                                                              Dec 28, 2024 12:09:33.932287931 CET2052949842202.182.125.24192.168.2.4
                                                                                                                              Dec 28, 2024 12:09:33.949652910 CET2052949848202.182.125.24192.168.2.4
                                                                                                                              Dec 28, 2024 12:09:33.949749947 CET4984820529192.168.2.4202.182.125.24
                                                                                                                              Dec 28, 2024 12:09:36.407926083 CET2052949848202.182.125.24192.168.2.4
                                                                                                                              Dec 28, 2024 12:09:36.408025980 CET4984820529192.168.2.4202.182.125.24
                                                                                                                              Dec 28, 2024 12:09:36.426296949 CET4984820529192.168.2.4202.182.125.24
                                                                                                                              Dec 28, 2024 12:09:36.433029890 CET4985420529192.168.2.4202.182.125.24
                                                                                                                              Dec 28, 2024 12:09:36.546021938 CET2052949848202.182.125.24192.168.2.4
                                                                                                                              Dec 28, 2024 12:09:36.552651882 CET2052949854202.182.125.24192.168.2.4
                                                                                                                              Dec 28, 2024 12:09:36.552752018 CET4985420529192.168.2.4202.182.125.24
                                                                                                                              Dec 28, 2024 12:09:38.998090982 CET2052949854202.182.125.24192.168.2.4
                                                                                                                              Dec 28, 2024 12:09:38.998176098 CET4985420529192.168.2.4202.182.125.24
                                                                                                                              Dec 28, 2024 12:09:38.999032974 CET4985420529192.168.2.4202.182.125.24
                                                                                                                              Dec 28, 2024 12:09:39.000677109 CET4986120529192.168.2.4202.182.125.24
                                                                                                                              Dec 28, 2024 12:09:39.118527889 CET2052949854202.182.125.24192.168.2.4
                                                                                                                              Dec 28, 2024 12:09:39.120402098 CET2052949861202.182.125.24192.168.2.4
                                                                                                                              Dec 28, 2024 12:09:39.120517969 CET4986120529192.168.2.4202.182.125.24
                                                                                                                              Dec 28, 2024 12:09:41.529500008 CET2052949861202.182.125.24192.168.2.4
                                                                                                                              Dec 28, 2024 12:09:41.529558897 CET4986120529192.168.2.4202.182.125.24
                                                                                                                              Dec 28, 2024 12:09:41.530404091 CET4986120529192.168.2.4202.182.125.24
                                                                                                                              Dec 28, 2024 12:09:41.532056093 CET4986920529192.168.2.4202.182.125.24
                                                                                                                              Dec 28, 2024 12:09:41.649849892 CET2052949861202.182.125.24192.168.2.4
                                                                                                                              Dec 28, 2024 12:09:41.651496887 CET2052949869202.182.125.24192.168.2.4
                                                                                                                              Dec 28, 2024 12:09:41.651583910 CET4986920529192.168.2.4202.182.125.24
                                                                                                                              Dec 28, 2024 12:09:44.452687979 CET2052949869202.182.125.24192.168.2.4
                                                                                                                              Dec 28, 2024 12:09:44.452816010 CET4986920529192.168.2.4202.182.125.24
                                                                                                                              Dec 28, 2024 12:09:44.453664064 CET4986920529192.168.2.4202.182.125.24
                                                                                                                              Dec 28, 2024 12:09:44.455357075 CET4987520529192.168.2.4202.182.125.24
                                                                                                                              Dec 28, 2024 12:09:44.573213100 CET2052949869202.182.125.24192.168.2.4
                                                                                                                              Dec 28, 2024 12:09:44.575253963 CET2052949875202.182.125.24192.168.2.4
                                                                                                                              Dec 28, 2024 12:09:44.578274012 CET4987520529192.168.2.4202.182.125.24
                                                                                                                              Dec 28, 2024 12:09:47.014484882 CET2052949875202.182.125.24192.168.2.4
                                                                                                                              Dec 28, 2024 12:09:47.014727116 CET4987520529192.168.2.4202.182.125.24
                                                                                                                              Dec 28, 2024 12:09:47.015609026 CET4987520529192.168.2.4202.182.125.24
                                                                                                                              Dec 28, 2024 12:09:47.017343044 CET4988320529192.168.2.4202.182.125.24
                                                                                                                              Dec 28, 2024 12:09:47.135163069 CET2052949875202.182.125.24192.168.2.4
                                                                                                                              Dec 28, 2024 12:09:47.137103081 CET2052949883202.182.125.24192.168.2.4
                                                                                                                              Dec 28, 2024 12:09:47.137192011 CET4988320529192.168.2.4202.182.125.24
                                                                                                                              Dec 28, 2024 12:09:49.548423052 CET2052949883202.182.125.24192.168.2.4
                                                                                                                              Dec 28, 2024 12:09:49.548635960 CET4988320529192.168.2.4202.182.125.24
                                                                                                                              Dec 28, 2024 12:09:49.567657948 CET4988320529192.168.2.4202.182.125.24
                                                                                                                              Dec 28, 2024 12:09:49.573235035 CET4988920529192.168.2.4202.182.125.24
                                                                                                                              Dec 28, 2024 12:09:49.687216997 CET2052949883202.182.125.24192.168.2.4
                                                                                                                              Dec 28, 2024 12:09:49.692801952 CET2052949889202.182.125.24192.168.2.4
                                                                                                                              Dec 28, 2024 12:09:49.692883015 CET4988920529192.168.2.4202.182.125.24
                                                                                                                              Dec 28, 2024 12:09:52.139333010 CET2052949889202.182.125.24192.168.2.4
                                                                                                                              Dec 28, 2024 12:09:52.139458895 CET4988920529192.168.2.4202.182.125.24
                                                                                                                              Dec 28, 2024 12:09:52.174348116 CET4988920529192.168.2.4202.182.125.24
                                                                                                                              Dec 28, 2024 12:09:52.177552938 CET4989520529192.168.2.4202.182.125.24
                                                                                                                              Dec 28, 2024 12:09:52.293857098 CET2052949889202.182.125.24192.168.2.4
                                                                                                                              Dec 28, 2024 12:09:52.297116041 CET2052949895202.182.125.24192.168.2.4
                                                                                                                              Dec 28, 2024 12:09:52.297209024 CET4989520529192.168.2.4202.182.125.24
                                                                                                                              Dec 28, 2024 12:09:54.739146948 CET2052949895202.182.125.24192.168.2.4
                                                                                                                              Dec 28, 2024 12:09:54.739242077 CET4989520529192.168.2.4202.182.125.24
                                                                                                                              Dec 28, 2024 12:09:54.740057945 CET4989520529192.168.2.4202.182.125.24
                                                                                                                              Dec 28, 2024 12:09:54.741686106 CET4990320529192.168.2.4202.182.125.24
                                                                                                                              Dec 28, 2024 12:09:54.859550953 CET2052949895202.182.125.24192.168.2.4
                                                                                                                              Dec 28, 2024 12:09:54.861211061 CET2052949903202.182.125.24192.168.2.4
                                                                                                                              Dec 28, 2024 12:09:54.861294031 CET4990320529192.168.2.4202.182.125.24
                                                                                                                              Dec 28, 2024 12:09:57.339437962 CET2052949903202.182.125.24192.168.2.4
                                                                                                                              Dec 28, 2024 12:09:57.339509964 CET4990320529192.168.2.4202.182.125.24
                                                                                                                              Dec 28, 2024 12:09:57.340380907 CET4990320529192.168.2.4202.182.125.24
                                                                                                                              Dec 28, 2024 12:09:57.342083931 CET4990920529192.168.2.4202.182.125.24
                                                                                                                              Dec 28, 2024 12:09:57.460465908 CET2052949903202.182.125.24192.168.2.4
                                                                                                                              Dec 28, 2024 12:09:57.462004900 CET2052949909202.182.125.24192.168.2.4
                                                                                                                              Dec 28, 2024 12:09:57.462079048 CET4990920529192.168.2.4202.182.125.24
                                                                                                                              Dec 28, 2024 12:09:59.923979044 CET2052949909202.182.125.24192.168.2.4


                                                                                                                              Target ID:0
                                                                                                                              Start time:06:07:59
                                                                                                                              Start date:28/12/2024
                                                                                                                              Path:C:\Users\user\Desktop\3OQL58yflv.exe
                                                                                                                              Wow64 process (32bit):false
                                                                                                                              Commandline:"C:\Users\user\Desktop\3OQL58yflv.exe"
                                                                                                                              Imagebase:0x7ff6e3770000
                                                                                                                              File size:10'580'892 bytes
                                                                                                                              MD5 hash:6CB409F46FF2C5FFF4DCCEC2DAA01C68
                                                                                                                              Has elevated privileges:true
                                                                                                                              Has administrator privileges:true
                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                              Reputation:low
                                                                                                                              Has exited:false

                                                                                                                              Target ID:1
                                                                                                                              Start time:06:08:01
                                                                                                                              Start date:28/12/2024
                                                                                                                              Path:C:\Users\user\Desktop\3OQL58yflv.exe
                                                                                                                              Wow64 process (32bit):false
                                                                                                                              Commandline:"C:\Users\user\Desktop\3OQL58yflv.exe"
                                                                                                                              Imagebase:0x7ff6e3770000
                                                                                                                              File size:10'580'892 bytes
                                                                                                                              MD5 hash:6CB409F46FF2C5FFF4DCCEC2DAA01C68
                                                                                                                              Has elevated privileges:true
                                                                                                                              Has administrator privileges:true
                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                              Yara matches:
                                                                                                                              • Rule: JoeSecurity_MetasploitPayload_3, Description: Yara detected Metasploit Payload, Source: 00000001.00000002.2934511808.00000225EDFB0000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                              • Rule: Windows_Trojan_Metasploit_c9773203, Description: Identifies the 64 bit API hashing function used by Metasploit. This has been re-used by many other malware families., Source: 00000001.00000002.2934511808.00000225EDFB0000.00000040.00001000.00020000.00000000.sdmp, Author: unknown
                                                                                                                              • Rule: Windows_Trojan_Metasploit_91bc5d7d, Description: unknown, Source: 00000001.00000002.2934511808.00000225EDFB0000.00000040.00001000.00020000.00000000.sdmp, Author: unknown
                                                                                                                              • Rule: Windows_Trojan_Metasploit_c9773203, Description: Identifies the 64 bit API hashing function used by Metasploit. This has been re-used by many other malware families., Source: 00000001.00000002.2933864941.00000225ED810000.00000004.00001000.00020000.00000000.sdmp, Author: unknown
                                                                                                                              • Rule: Windows_Trojan_Metasploit_91bc5d7d, Description: unknown, Source: 00000001.00000002.2933864941.00000225ED810000.00000004.00001000.00020000.00000000.sdmp, Author: unknown
                                                                                                                              • Rule: JoeSecurity_MetasploitPayload_3, Description: Yara detected Metasploit Payload, Source: 00000001.00000002.2933458373.00000225ED568000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                              • Rule: Windows_Trojan_Metasploit_c9773203, Description: Identifies the 64 bit API hashing function used by Metasploit. This has been re-used by many other malware families., Source: 00000001.00000002.2933458373.00000225ED568000.00000004.00000020.00020000.00000000.sdmp, Author: unknown
                                                                                                                              • Rule: Windows_Trojan_Metasploit_91bc5d7d, Description: unknown, Source: 00000001.00000002.2933458373.00000225ED568000.00000004.00000020.00020000.00000000.sdmp, Author: unknown
                                                                                                                              Reputation:low
                                                                                                                              Has exited:false


                                                                                                                                Execution Graph

                                                                                                                                Execution Coverage:10.4%
                                                                                                                                Dynamic/Decrypted Code Coverage:0%
                                                                                                                                Signature Coverage:18.5%
                                                                                                                                Total number of Nodes:2000
                                                                                                                                Total number of Limit Nodes:23
7ff6e378ff1e 18833->18835 18838 7ff6e378fe0b 18838->18840 18865 7ff6e3796948 18838->18865 18840->18824 18842 7ff6e3796913 18841->18842 18844 7ff6e378fdcc 18841->18844 18872 7ff6e3790cb8 EnterCriticalSection 18842->18872 18847 7ff6e3795d08 18844->18847 18848 7ff6e3795d11 18847->18848 18850 7ff6e378fde1 18847->18850 18849 7ff6e37854c4 _get_daylight 11 API calls 18848->18849 18851 7ff6e3795d16 18849->18851 18850->18831 18853 7ff6e3795d38 18850->18853 18852 7ff6e378aea4 _invalid_parameter_noinfo 37 API calls 18851->18852 18852->18850 18854 7ff6e3795d41 18853->18854 18855 7ff6e378fdf2 18853->18855 18856 7ff6e37854c4 _get_daylight 11 API calls 18854->18856 18855->18831 18859 7ff6e3795d68 18855->18859 18857 7ff6e3795d46 18856->18857 18858 7ff6e378aea4 _invalid_parameter_noinfo 37 API calls 18857->18858 18858->18855 18860 7ff6e3795d71 18859->18860 18861 7ff6e378fe03 18859->18861 18862 7ff6e37854c4 _get_daylight 11 API calls 18860->18862 18861->18831 18861->18838 18863 7ff6e3795d76 18862->18863 18864 7ff6e378aea4 _invalid_parameter_noinfo 37 API calls 18863->18864 18864->18861 18873 7ff6e3790cb8 EnterCriticalSection 18865->18873 15172 7ff6e377c07c 15193 7ff6e377c24c 15172->15193 15175 7ff6e377c1c8 15289 7ff6e377c57c IsProcessorFeaturePresent 15175->15289 15176 7ff6e377c098 __scrt_acquire_startup_lock 15178 7ff6e377c1d2 15176->15178 15185 7ff6e377c0b6 __scrt_release_startup_lock 15176->15185 15179 7ff6e377c57c 7 API calls 15178->15179 15181 7ff6e377c1dd __CxxCallCatchBlock 15179->15181 15180 7ff6e377c0db 15182 7ff6e377c161 15199 7ff6e377c6c8 15182->15199 15184 7ff6e377c166 15202 7ff6e3771000 15184->15202 15185->15180 15185->15182 15278 7ff6e378a0bc 15185->15278 15190 7ff6e377c189 15190->15181 15285 7ff6e377c3e0 15190->15285 15296 7ff6e377c84c 15193->15296 15196 7ff6e377c090 15196->15175 15196->15176 15197 7ff6e377c27b __scrt_initialize_crt 15197->15196 15298 7ff6e377d998 15197->15298 15325 7ff6e377d0e0 15199->15325 15201 7ff6e377c6df GetStartupInfoW 15201->15184 15203 
7ff6e377100b 15202->15203 15327 7ff6e37786b0 15203->15327 15205 7ff6e377101d 15334 7ff6e3785ef8 15205->15334 15207 7ff6e37739cb 15341 7ff6e3771eb0 15207->15341 15210 7ff6e3773ad2 15470 7ff6e377bcc0 15210->15470 15214 7ff6e37739ea 15214->15210 15357 7ff6e3777b60 15214->15357 15216 7ff6e3773a1f 15217 7ff6e3773a6b 15216->15217 15218 7ff6e3777b60 61 API calls 15216->15218 15372 7ff6e3778040 15217->15372 15223 7ff6e3773a40 __vcrt_freefls 15218->15223 15220 7ff6e3773a80 15376 7ff6e3771cb0 15220->15376 15223->15217 15228 7ff6e3778040 58 API calls 15223->15228 15224 7ff6e3773b71 15226 7ff6e3773b95 15224->15226 15395 7ff6e37714f0 15224->15395 15225 7ff6e3771cb0 121 API calls 15227 7ff6e3773ab6 15225->15227 15226->15210 15232 7ff6e3773bef 15226->15232 15402 7ff6e3778ae0 15226->15402 15229 7ff6e3773aba 15227->15229 15230 7ff6e3773af8 15227->15230 15228->15217 15457 7ff6e3772b30 15229->15457 15230->15224 15479 7ff6e3773fd0 15230->15479 15416 7ff6e3776de0 15232->15416 15234 7ff6e3773bcc 15237 7ff6e3773be2 SetDllDirectoryW 15234->15237 15238 7ff6e3773bd1 15234->15238 15237->15232 15241 7ff6e3772b30 59 API calls 15238->15241 15241->15210 15244 7ff6e3773b16 15247 7ff6e3772b30 59 API calls 15244->15247 15245 7ff6e3773c09 15271 7ff6e3773c3b 15245->15271 15511 7ff6e37765f0 15245->15511 15247->15210 15248 7ff6e3773d06 15420 7ff6e37734c0 15248->15420 15249 7ff6e3773b44 15249->15224 15250 7ff6e3773b49 15249->15250 15498 7ff6e378018c 15250->15498 15256 7ff6e3773c5a 15264 7ff6e3773ca5 15256->15264 15553 7ff6e3771ef0 15256->15553 15257 7ff6e3773c3d 15547 7ff6e3776840 15257->15547 15263 7ff6e3773d2e 15266 7ff6e3777b60 61 API calls 15263->15266 15264->15210 15557 7ff6e3773460 15264->15557 15269 7ff6e3773d3a 15266->15269 15434 7ff6e3778080 15269->15434 15270 7ff6e3773ce1 15273 7ff6e3776840 FreeLibrary 15270->15273 15271->15248 15271->15256 15273->15210 15279 7ff6e378a0d3 15278->15279 15280 7ff6e378a0f4 15278->15280 15279->15182 18207 7ff6e378a968 15280->18207 15283 7ff6e377c70c 
GetModuleHandleW 15284 7ff6e377c71d 15283->15284 15284->15190 15287 7ff6e377c3f1 15285->15287 15286 7ff6e377c1a0 15286->15180 15287->15286 15288 7ff6e377d998 __scrt_initialize_crt 7 API calls 15287->15288 15288->15286 15290 7ff6e377c5a2 _wfindfirst32i64 __scrt_get_show_window_mode 15289->15290 15291 7ff6e377c5c1 RtlCaptureContext RtlLookupFunctionEntry 15290->15291 15292 7ff6e377c5ea RtlVirtualUnwind 15291->15292 15293 7ff6e377c626 __scrt_get_show_window_mode 15291->15293 15292->15293 15294 7ff6e377c658 IsDebuggerPresent SetUnhandledExceptionFilter UnhandledExceptionFilter 15293->15294 15295 7ff6e377c6aa _wfindfirst32i64 15294->15295 15295->15178 15297 7ff6e377c26e __scrt_dllmain_crt_thread_attach 15296->15297 15297->15196 15297->15197 15299 7ff6e377d9aa 15298->15299 15300 7ff6e377d9a0 15298->15300 15299->15196 15304 7ff6e377dd14 15300->15304 15305 7ff6e377dd23 15304->15305 15306 7ff6e377d9a5 15304->15306 15312 7ff6e377df50 15305->15312 15308 7ff6e377dd80 15306->15308 15309 7ff6e377ddab 15308->15309 15310 7ff6e377ddaf 15309->15310 15311 7ff6e377dd8e DeleteCriticalSection 15309->15311 15310->15299 15311->15309 15316 7ff6e377ddb8 15312->15316 15317 7ff6e377ddfc __vcrt_FlsAlloc 15316->15317 15323 7ff6e377ded2 TlsFree 15316->15323 15318 7ff6e377de2a LoadLibraryExW 15317->15318 15319 7ff6e377dec1 GetProcAddress 15317->15319 15317->15323 15324 7ff6e377de6d LoadLibraryExW 15317->15324 15320 7ff6e377de4b GetLastError 15318->15320 15321 7ff6e377dea1 15318->15321 15319->15323 15320->15317 15321->15319 15322 7ff6e377deb8 FreeLibrary 15321->15322 15322->15319 15324->15317 15324->15321 15326 7ff6e377d0c0 15325->15326 15326->15201 15326->15326 15329 7ff6e37786cf 15327->15329 15328 7ff6e3778720 WideCharToMultiByte 15328->15329 15332 7ff6e37787c6 15328->15332 15329->15328 15331 7ff6e3778774 WideCharToMultiByte 15329->15331 15329->15332 15333 7ff6e37786d7 __vcrt_freefls 15329->15333 15331->15329 15331->15332 15605 7ff6e37729e0 15332->15605 15333->15205 15337 7ff6e3790050 
15334->15337 15335 7ff6e37900a3 15336 7ff6e378add8 _invalid_parameter_noinfo 37 API calls 15335->15336 15340 7ff6e37900cc 15336->15340 15337->15335 15338 7ff6e37900f6 15337->15338 16110 7ff6e378ff28 15338->16110 15340->15207 15342 7ff6e3771ec5 15341->15342 15344 7ff6e3771ee0 15342->15344 16118 7ff6e3772890 15342->16118 15344->15210 15345 7ff6e3773ec0 15344->15345 15346 7ff6e377bc60 15345->15346 15347 7ff6e3773ecc GetModuleFileNameW 15346->15347 15348 7ff6e3773efb 15347->15348 15349 7ff6e3773f12 15347->15349 15351 7ff6e37729e0 57 API calls 15348->15351 16158 7ff6e3778bf0 15349->16158 15352 7ff6e3773f0e 15351->15352 15355 7ff6e377bcc0 _wfindfirst32i64 8 API calls 15352->15355 15354 7ff6e3772b30 59 API calls 15354->15352 15356 7ff6e3773f4f 15355->15356 15356->15214 15358 7ff6e3777b6a 15357->15358 15359 7ff6e3778ae0 57 API calls 15358->15359 15360 7ff6e3777b8c GetEnvironmentVariableW 15359->15360 15361 7ff6e3777bf6 15360->15361 15362 7ff6e3777ba4 ExpandEnvironmentStringsW 15360->15362 15363 7ff6e377bcc0 _wfindfirst32i64 8 API calls 15361->15363 15364 7ff6e3778bf0 59 API calls 15362->15364 15365 7ff6e3777c08 15363->15365 15366 7ff6e3777bcc 15364->15366 15365->15216 15366->15361 15367 7ff6e3777bd6 15366->15367 16169 7ff6e378a99c 15367->16169 15370 7ff6e377bcc0 _wfindfirst32i64 8 API calls 15371 7ff6e3777bee 15370->15371 15371->15216 15373 7ff6e3778ae0 57 API calls 15372->15373 15374 7ff6e3778057 SetEnvironmentVariableW 15373->15374 15375 7ff6e377806f __vcrt_freefls 15374->15375 15375->15220 15377 7ff6e3771cbe 15376->15377 15378 7ff6e3771ef0 49 API calls 15377->15378 15379 7ff6e3771cf4 15378->15379 15380 7ff6e3771dde 15379->15380 15381 7ff6e3771ef0 49 API calls 15379->15381 15382 7ff6e377bcc0 _wfindfirst32i64 8 API calls 15380->15382 15383 7ff6e3771d1a 15381->15383 15384 7ff6e3771e6c 15382->15384 15383->15380 16176 7ff6e3771aa0 15383->16176 15384->15224 15384->15225 15388 7ff6e3771dcc 15389 7ff6e3773e40 49 API calls 15388->15389 15389->15380 15390 7ff6e3771d8f 
15390->15388 15391 7ff6e3771e34 15390->15391 15392 7ff6e3773e40 49 API calls 15391->15392 15393 7ff6e3771e41 15392->15393 16212 7ff6e3774050 15393->16212 15396 7ff6e3771506 15395->15396 15399 7ff6e377157f 15395->15399 16254 7ff6e3777950 15396->16254 15399->15226 15400 7ff6e3772b30 59 API calls 15401 7ff6e3771564 15400->15401 15401->15226 15403 7ff6e3778b87 MultiByteToWideChar 15402->15403 15404 7ff6e3778b01 MultiByteToWideChar 15402->15404 15405 7ff6e3778baa 15403->15405 15406 7ff6e3778bcf 15403->15406 15407 7ff6e3778b4c 15404->15407 15408 7ff6e3778b27 15404->15408 15409 7ff6e37729e0 55 API calls 15405->15409 15406->15234 15407->15403 15413 7ff6e3778b62 15407->15413 15410 7ff6e37729e0 55 API calls 15408->15410 15411 7ff6e3778bbd 15409->15411 15412 7ff6e3778b3a 15410->15412 15411->15234 15412->15234 15414 7ff6e37729e0 55 API calls 15413->15414 15415 7ff6e3778b75 15414->15415 15415->15234 15417 7ff6e3776df5 15416->15417 15418 7ff6e3773bf4 15417->15418 15419 7ff6e3772890 59 API calls 15417->15419 15418->15271 15502 7ff6e3776a90 15418->15502 15419->15418 15421 7ff6e3773574 15420->15421 15424 7ff6e3773533 15420->15424 15422 7ff6e377bcc0 _wfindfirst32i64 8 API calls 15421->15422 15423 7ff6e37735c5 15422->15423 15423->15210 15427 7ff6e3777fd0 15423->15427 15424->15421 16796 7ff6e3771710 15424->16796 16838 7ff6e3772d70 15424->16838 15428 7ff6e3778ae0 57 API calls 15427->15428 15429 7ff6e3777fef 15428->15429 15430 7ff6e3778ae0 57 API calls 15429->15430 15431 7ff6e3777fff 15430->15431 15432 7ff6e3787dec 38 API calls 15431->15432 15433 7ff6e377800d __vcrt_freefls 15432->15433 15433->15263 15435 7ff6e3778090 15434->15435 15436 7ff6e3778ae0 57 API calls 15435->15436 15437 7ff6e37780c1 SetConsoleCtrlHandler GetStartupInfoW 15436->15437 15458 7ff6e3772b50 15457->15458 15459 7ff6e3784ac4 49 API calls 15458->15459 15460 7ff6e3772b9b __scrt_get_show_window_mode 15459->15460 15461 7ff6e3778ae0 57 API calls 15460->15461 15462 7ff6e3772bd0 15461->15462 15463 7ff6e3772c0d MessageBoxA 
15462->15463 15464 7ff6e3772bd5 15462->15464 15466 7ff6e3772c27 15463->15466 15465 7ff6e3778ae0 57 API calls 15464->15465 15467 7ff6e3772bef MessageBoxW 15465->15467 15468 7ff6e377bcc0 _wfindfirst32i64 8 API calls 15466->15468 15467->15466 15469 7ff6e3772c37 15468->15469 15469->15210 15471 7ff6e377bcc9 15470->15471 15472 7ff6e3773ae6 15471->15472 15473 7ff6e377bd20 IsProcessorFeaturePresent 15471->15473 15472->15283 15474 7ff6e377bd38 15473->15474 17345 7ff6e377bf14 RtlCaptureContext 15474->17345 15480 7ff6e3773fdc 15479->15480 15481 7ff6e3778ae0 57 API calls 15480->15481 15482 7ff6e3774007 15481->15482 15483 7ff6e3778ae0 57 API calls 15482->15483 15484 7ff6e377401a 15483->15484 17350 7ff6e37864a8 15484->17350 15487 7ff6e377bcc0 _wfindfirst32i64 8 API calls 15488 7ff6e3773b0e 15487->15488 15488->15244 15489 7ff6e37782b0 15488->15489 15490 7ff6e37782d4 15489->15490 15491 7ff6e37783ab __vcrt_freefls 15490->15491 15492 7ff6e3780814 73 API calls 15490->15492 15491->15249 15493 7ff6e37782ee 15492->15493 15493->15491 17729 7ff6e3789070 15493->17729 15499 7ff6e37801bc 15498->15499 17744 7ff6e377ff68 15499->17744 15503 7ff6e3776aca 15502->15503 15504 7ff6e3776ab3 15502->15504 15503->15245 15504->15503 17755 7ff6e37715a0 15504->17755 15506 7ff6e3776ad4 15506->15503 15507 7ff6e3774050 49 API calls 15506->15507 15508 7ff6e3776b35 15507->15508 15509 7ff6e3772b30 59 API calls 15508->15509 15510 7ff6e3776ba5 memcpy_s __vcrt_freefls 15508->15510 15509->15503 15510->15245 15524 7ff6e377660a memcpy_s 15511->15524 15513 7ff6e377672f 15515 7ff6e3774050 49 API calls 15513->15515 15514 7ff6e377674b 15517 7ff6e3772b30 59 API calls 15514->15517 15516 7ff6e37767a8 15515->15516 15520 7ff6e3774050 49 API calls 15516->15520 15523 7ff6e3776741 __vcrt_freefls 15517->15523 15518 7ff6e3774050 49 API calls 15518->15524 15519 7ff6e3776710 15519->15513 15521 7ff6e3774050 49 API calls 15519->15521 15522 7ff6e37767d8 15520->15522 15521->15513 15527 7ff6e3774050 49 API calls 15522->15527 15525 
7ff6e377bcc0 _wfindfirst32i64 8 API calls 15523->15525 15524->15513 15524->15514 15524->15518 15524->15519 15524->15524 15528 7ff6e3771710 144 API calls 15524->15528 15529 7ff6e3776731 15524->15529 17779 7ff6e3771950 15524->17779 15526 7ff6e3773c1a 15525->15526 15526->15257 15531 7ff6e3776570 15526->15531 15527->15523 15528->15524 15530 7ff6e3772b30 59 API calls 15529->15530 15530->15523 17783 7ff6e3778260 15531->17783 15533 7ff6e377658c 15534 7ff6e3778260 58 API calls 15533->15534 15535 7ff6e377659f 15534->15535 15536 7ff6e37765d5 15535->15536 15537 7ff6e37765b7 15535->15537 15538 7ff6e3772b30 59 API calls 15536->15538 17787 7ff6e3776ef0 GetProcAddress 15537->17787 15549 7ff6e377687d 15547->15549 15552 7ff6e3776852 15547->15552 15548 7ff6e377693b 15548->15549 17847 7ff6e3778240 FreeLibrary 15548->17847 15549->15271 15552->15548 15552->15549 17846 7ff6e3778240 FreeLibrary 15552->17846 15554 7ff6e3771f15 15553->15554 15555 7ff6e3784ac4 49 API calls 15554->15555 15556 7ff6e3771f38 15555->15556 15556->15264 17848 7ff6e3775bc0 15557->17848 15560 7ff6e37734ad 15560->15270 15624 7ff6e377bc60 15605->15624 15608 7ff6e3772a29 15626 7ff6e3784ac4 15608->15626 15613 7ff6e3771ef0 49 API calls 15614 7ff6e3772a86 __scrt_get_show_window_mode 15613->15614 15615 7ff6e3778ae0 54 API calls 15614->15615 15616 7ff6e3772abb 15615->15616 15617 7ff6e3772af8 MessageBoxA 15616->15617 15618 7ff6e3772ac0 15616->15618 15619 7ff6e3772b12 15617->15619 15620 7ff6e3778ae0 54 API calls 15618->15620 15622 7ff6e377bcc0 _wfindfirst32i64 8 API calls 15619->15622 15621 7ff6e3772ada MessageBoxW 15620->15621 15621->15619 15623 7ff6e3772b22 15622->15623 15623->15333 15625 7ff6e37729fc GetLastError 15624->15625 15625->15608 15629 7ff6e3784b1e 15626->15629 15627 7ff6e3784b43 15656 7ff6e378add8 15627->15656 15629->15627 15630 7ff6e3784b7f 15629->15630 15664 7ff6e3782d50 15630->15664 15632 7ff6e3784b6d 15634 7ff6e377bcc0 _wfindfirst32i64 8 API calls 15632->15634 15633 7ff6e378af0c __free_lconv_mon 11 API calls 
15633->15632 15636 7ff6e3772a57 15634->15636 15644 7ff6e3778560 15636->15644 15637 7ff6e3784c5c 15637->15633 15638 7ff6e3784c31 15678 7ff6e378af0c 15638->15678 15639 7ff6e3784c80 15639->15637 15641 7ff6e3784c8a 15639->15641 15640 7ff6e3784c28 15640->15637 15640->15638 15643 7ff6e378af0c __free_lconv_mon 11 API calls 15641->15643 15643->15632 15645 7ff6e377856c 15644->15645 15646 7ff6e377858d FormatMessageW 15645->15646 15647 7ff6e3778587 GetLastError 15645->15647 15648 7ff6e37785dc WideCharToMultiByte 15646->15648 15649 7ff6e37785c0 15646->15649 15647->15646 15651 7ff6e3778616 15648->15651 15652 7ff6e37785d3 15648->15652 15650 7ff6e37729e0 54 API calls 15649->15650 15650->15652 15653 7ff6e37729e0 54 API calls 15651->15653 15654 7ff6e377bcc0 _wfindfirst32i64 8 API calls 15652->15654 15653->15652 15655 7ff6e3772a5e 15654->15655 15655->15613 15684 7ff6e378ab20 15656->15684 15659 7ff6e378ae13 15659->15632 15665 7ff6e3782d8e 15664->15665 15670 7ff6e3782d7e 15664->15670 15666 7ff6e3782d97 15665->15666 15676 7ff6e3782dc5 15665->15676 15668 7ff6e378add8 _invalid_parameter_noinfo 37 API calls 15666->15668 15667 7ff6e378add8 _invalid_parameter_noinfo 37 API calls 15669 7ff6e3782dbd 15667->15669 15668->15669 15669->15637 15669->15638 15669->15639 15669->15640 15670->15667 15673 7ff6e3783074 15675 7ff6e378add8 _invalid_parameter_noinfo 37 API calls 15673->15675 15675->15670 15676->15669 15676->15670 15676->15673 15776 7ff6e37836e0 15676->15776 15802 7ff6e37833a8 15676->15802 15832 7ff6e3782c30 15676->15832 15835 7ff6e3784900 15676->15835 15679 7ff6e378af11 RtlFreeHeap 15678->15679 15683 7ff6e378af40 15678->15683 15680 7ff6e378af2c GetLastError 15679->15680 15679->15683 15681 7ff6e378af39 __free_lconv_mon 15680->15681 15682 7ff6e37854c4 _get_daylight 9 API calls 15681->15682 15682->15683 15683->15632 15685 7ff6e378ab77 15684->15685 15686 7ff6e378ab3c GetLastError 15684->15686 15685->15659 15690 7ff6e378ab8c 15685->15690 15687 7ff6e378ab4c 15686->15687 15697 7ff6e378b950 
15687->15697 15691 7ff6e378abc0 15690->15691 15692 7ff6e378aba8 GetLastError SetLastError 15690->15692 15691->15659 15693 7ff6e378aec4 IsProcessorFeaturePresent 15691->15693 15692->15691 15694 7ff6e378aed7 15693->15694 15768 7ff6e378abd8 15694->15768 15698 7ff6e378b96f FlsGetValue 15697->15698 15699 7ff6e378b98a FlsSetValue 15697->15699 15700 7ff6e378b984 15698->15700 15702 7ff6e378ab67 SetLastError 15698->15702 15701 7ff6e378b997 15699->15701 15699->15702 15700->15699 15714 7ff6e378f158 15701->15714 15702->15685 15705 7ff6e378b9c4 FlsSetValue 15708 7ff6e378b9d0 FlsSetValue 15705->15708 15709 7ff6e378b9e2 15705->15709 15706 7ff6e378b9b4 FlsSetValue 15707 7ff6e378b9bd 15706->15707 15711 7ff6e378af0c __free_lconv_mon 11 API calls 15707->15711 15708->15707 15721 7ff6e378b4b8 15709->15721 15711->15702 15715 7ff6e378f169 _get_daylight 15714->15715 15716 7ff6e378f1ba 15715->15716 15717 7ff6e378f19e HeapAlloc 15715->15717 15726 7ff6e3793c00 15715->15726 15729 7ff6e37854c4 15716->15729 15717->15715 15718 7ff6e378b9a6 15717->15718 15718->15705 15718->15706 15754 7ff6e378b390 15721->15754 15732 7ff6e3793c40 15726->15732 15737 7ff6e378b888 GetLastError 15729->15737 15731 7ff6e37854cd 15731->15718 15733 7ff6e3790cb8 _isindst EnterCriticalSection 15732->15733 15734 7ff6e3793c4d 15733->15734 15735 7ff6e3790d18 _isindst LeaveCriticalSection 15734->15735 15736 7ff6e3793c12 15735->15736 15736->15715 15738 7ff6e378b8c9 FlsSetValue 15737->15738 15742 7ff6e378b8ac 15737->15742 15739 7ff6e378b8db 15738->15739 15752 7ff6e378b8b9 15738->15752 15741 7ff6e378f158 _get_daylight 5 API calls 15739->15741 15740 7ff6e378b935 SetLastError 15740->15731 15743 7ff6e378b8ea 15741->15743 15742->15738 15742->15752 15744 7ff6e378b908 FlsSetValue 15743->15744 15745 7ff6e378b8f8 FlsSetValue 15743->15745 15746 7ff6e378b914 FlsSetValue 15744->15746 15747 7ff6e378b926 15744->15747 15748 7ff6e378b901 15745->15748 15746->15748 15749 7ff6e378b4b8 _get_daylight 5 API calls 15747->15749 15750 7ff6e378af0c 
__free_lconv_mon 5 API calls 15748->15750 15751 7ff6e378b92e 15749->15751 15750->15752 15753 7ff6e378af0c __free_lconv_mon 5 API calls 15751->15753 15752->15740 15753->15740 15766 7ff6e3790cb8 EnterCriticalSection 15754->15766 15769 7ff6e378ac12 _wfindfirst32i64 __scrt_get_show_window_mode 15768->15769 15770 7ff6e378ac3a RtlCaptureContext RtlLookupFunctionEntry 15769->15770 15771 7ff6e378ac74 RtlVirtualUnwind 15770->15771 15772 7ff6e378acaa IsDebuggerPresent SetUnhandledExceptionFilter UnhandledExceptionFilter 15770->15772 15771->15772 15773 7ff6e378acfc _wfindfirst32i64 15772->15773 15774 7ff6e377bcc0 _wfindfirst32i64 8 API calls 15773->15774 15775 7ff6e378ad1b GetCurrentProcess TerminateProcess 15774->15775 15777 7ff6e3783795 15776->15777 15778 7ff6e3783722 15776->15778 15779 7ff6e378379a 15777->15779 15780 7ff6e37837ef 15777->15780 15781 7ff6e3783728 15778->15781 15782 7ff6e37837bf 15778->15782 15783 7ff6e37837cf 15779->15783 15787 7ff6e378379c 15779->15787 15780->15782 15784 7ff6e37837fe 15780->15784 15800 7ff6e3783758 15780->15800 15781->15784 15789 7ff6e378372d 15781->15789 15859 7ff6e3781c90 15782->15859 15866 7ff6e3781880 15783->15866 15801 7ff6e378382d 15784->15801 15873 7ff6e37820a0 15784->15873 15790 7ff6e378373d 15787->15790 15792 7ff6e37837ab 15787->15792 15789->15790 15791 7ff6e3783770 15789->15791 15789->15800 15790->15801 15841 7ff6e3784044 15790->15841 15791->15801 15851 7ff6e3784500 15791->15851 15792->15782 15794 7ff6e37837b0 15792->15794 15794->15801 15855 7ff6e3784698 15794->15855 15796 7ff6e377bcc0 _wfindfirst32i64 8 API calls 15798 7ff6e3783ac3 15796->15798 15798->15676 15800->15801 15880 7ff6e378ee18 15800->15880 15801->15796 15803 7ff6e37833c9 15802->15803 15804 7ff6e37833b3 15802->15804 15805 7ff6e378add8 _invalid_parameter_noinfo 37 API calls 15803->15805 15806 7ff6e3783407 15803->15806 15804->15806 15807 7ff6e3783795 15804->15807 15808 7ff6e3783722 15804->15808 15805->15806 15806->15676 15809 7ff6e378379a 15807->15809 15810 7ff6e37837ef 
15807->15810 15811 7ff6e3783728 15808->15811 15812 7ff6e37837bf 15808->15812 15813 7ff6e378379c 15809->15813 15814 7ff6e37837cf 15809->15814 15810->15812 15822 7ff6e37837fe 15810->15822 15830 7ff6e3783758 15810->15830 15819 7ff6e378372d 15811->15819 15811->15822 15816 7ff6e3781c90 38 API calls 15812->15816 15815 7ff6e378373d 15813->15815 15820 7ff6e37837ab 15813->15820 15817 7ff6e3781880 38 API calls 15814->15817 15818 7ff6e3784044 47 API calls 15815->15818 15831 7ff6e378382d 15815->15831 15816->15830 15817->15830 15818->15830 15819->15815 15821 7ff6e3783770 15819->15821 15819->15830 15820->15812 15824 7ff6e37837b0 15820->15824 15825 7ff6e3784500 47 API calls 15821->15825 15821->15831 15823 7ff6e37820a0 38 API calls 15822->15823 15822->15831 15823->15830 15827 7ff6e3784698 37 API calls 15824->15827 15824->15831 15825->15830 15826 7ff6e377bcc0 _wfindfirst32i64 8 API calls 15828 7ff6e3783ac3 15826->15828 15827->15830 15828->15676 15829 7ff6e378ee18 47 API calls 15829->15830 15830->15829 15830->15831 15831->15826 16038 7ff6e3780e54 15832->16038 15836 7ff6e3784917 15835->15836 16055 7ff6e378df78 15836->16055 15842 7ff6e3784066 15841->15842 15890 7ff6e3780cc0 15842->15890 15847 7ff6e3784900 45 API calls 15848 7ff6e37841a3 15847->15848 15849 7ff6e3784900 45 API calls 15848->15849 15850 7ff6e378422c 15848->15850 15849->15850 15850->15800 15852 7ff6e3784518 15851->15852 15854 7ff6e3784580 15851->15854 15853 7ff6e378ee18 47 API calls 15852->15853 15852->15854 15853->15854 15854->15800 15858 7ff6e37846b9 15855->15858 15856 7ff6e378add8 _invalid_parameter_noinfo 37 API calls 15857 7ff6e37846ea 15856->15857 15857->15800 15858->15856 15858->15857 15860 7ff6e3781cc3 15859->15860 15861 7ff6e3781cf2 15860->15861 15863 7ff6e3781daf 15860->15863 15862 7ff6e3780cc0 12 API calls 15861->15862 15865 7ff6e3781d2f 15861->15865 15862->15865 15864 7ff6e378add8 _invalid_parameter_noinfo 37 API calls 15863->15864 15864->15865 15865->15800 15867 7ff6e37818b3 15866->15867 15869 7ff6e37818e2 
15867->15869 15870 7ff6e378199f 15867->15870 15868 7ff6e3780cc0 12 API calls 15872 7ff6e378191f 15868->15872 15869->15868 15869->15872 15871 7ff6e378add8 _invalid_parameter_noinfo 37 API calls 15870->15871 15871->15872 15872->15800 15874 7ff6e37820d3 15873->15874 15875 7ff6e3782102 15874->15875 15877 7ff6e37821bf 15874->15877 15876 7ff6e3780cc0 12 API calls 15875->15876 15879 7ff6e378213f 15875->15879 15876->15879 15878 7ff6e378add8 _invalid_parameter_noinfo 37 API calls 15877->15878 15878->15879 15879->15800 15881 7ff6e378ee40 15880->15881 15882 7ff6e378ee85 15881->15882 15883 7ff6e3784900 45 API calls 15881->15883 15888 7ff6e378ee45 __scrt_get_show_window_mode 15881->15888 15889 7ff6e378ee6e __scrt_get_show_window_mode 15881->15889 15882->15888 15882->15889 16035 7ff6e37904c8 15882->16035 15883->15882 15884 7ff6e378add8 _invalid_parameter_noinfo 37 API calls 15884->15888 15888->15800 15889->15884 15889->15888 15891 7ff6e3780cf7 15890->15891 15897 7ff6e3780ce6 15890->15897 15891->15897 15920 7ff6e378dbbc 15891->15920 15894 7ff6e3780d38 15896 7ff6e378af0c __free_lconv_mon 11 API calls 15894->15896 15895 7ff6e378af0c __free_lconv_mon 11 API calls 15895->15894 15896->15897 15898 7ff6e378eb30 15897->15898 15899 7ff6e378eb80 15898->15899 15900 7ff6e378eb4d 15898->15900 15899->15900 15902 7ff6e378ebb2 15899->15902 15901 7ff6e378add8 _invalid_parameter_noinfo 37 API calls 15900->15901 15910 7ff6e3784181 15901->15910 15907 7ff6e378ecc5 15902->15907 15915 7ff6e378ebfa 15902->15915 15903 7ff6e378edb7 15960 7ff6e378e01c 15903->15960 15905 7ff6e378ed7d 15953 7ff6e378e3b4 15905->15953 15907->15903 15907->15905 15908 7ff6e378ed4c 15907->15908 15909 7ff6e378ed0f 15907->15909 15912 7ff6e378ed05 15907->15912 15946 7ff6e378e694 15908->15946 15936 7ff6e378e8c4 15909->15936 15910->15847 15910->15848 15912->15905 15914 7ff6e378ed0a 15912->15914 15914->15908 15914->15909 15915->15910 15927 7ff6e378aa3c 15915->15927 15918 7ff6e378aec4 _wfindfirst32i64 17 API calls 15919 7ff6e378ee14 
15918->15919 15921 7ff6e378dc07 15920->15921 15925 7ff6e378dbcb _get_daylight 15920->15925 15922 7ff6e37854c4 _get_daylight 11 API calls 15921->15922 15924 7ff6e3780d24 15922->15924 15923 7ff6e378dbee HeapAlloc 15923->15924 15923->15925 15924->15894 15924->15895 15925->15921 15925->15923 15926 7ff6e3793c00 _get_daylight 2 API calls 15925->15926 15926->15925 15928 7ff6e378aa53 15927->15928 15929 7ff6e378aa49 15927->15929 15930 7ff6e37854c4 _get_daylight 11 API calls 15928->15930 15929->15928 15931 7ff6e378aa6e 15929->15931 15935 7ff6e378aa5a 15930->15935 15933 7ff6e378aa66 15931->15933 15934 7ff6e37854c4 _get_daylight 11 API calls 15931->15934 15933->15910 15933->15918 15934->15935 15969 7ff6e378aea4 15935->15969 15971 7ff6e379471c 15936->15971 15940 7ff6e378e96c 15941 7ff6e378e970 15940->15941 15942 7ff6e378e9c1 15940->15942 15944 7ff6e378e98c 15940->15944 15941->15910 16024 7ff6e378e4b0 15942->16024 16020 7ff6e378e76c 15944->16020 15947 7ff6e379471c 38 API calls 15946->15947 15948 7ff6e378e6de 15947->15948 15949 7ff6e3794164 37 API calls 15948->15949 15950 7ff6e378e72e 15949->15950 15951 7ff6e378e732 15950->15951 15952 7ff6e378e76c 45 API calls 15950->15952 15951->15910 15952->15951 15954 7ff6e379471c 38 API calls 15953->15954 15955 7ff6e378e3ff 15954->15955 15956 7ff6e3794164 37 API calls 15955->15956 15957 7ff6e378e457 15956->15957 15958 7ff6e378e45b 15957->15958 15959 7ff6e378e4b0 45 API calls 15957->15959 15958->15910 15959->15958 15961 7ff6e378e061 15960->15961 15962 7ff6e378e094 15960->15962 15964 7ff6e378add8 _invalid_parameter_noinfo 37 API calls 15961->15964 15963 7ff6e378e0ac 15962->15963 15967 7ff6e378e12d 15962->15967 15965 7ff6e378e3b4 46 API calls 15963->15965 15966 7ff6e378e08d __scrt_get_show_window_mode 15964->15966 15965->15966 15966->15910 15967->15966 15968 7ff6e3784900 45 API calls 15967->15968 15968->15966 15970 7ff6e378ad3c _invalid_parameter_noinfo 37 API calls 15969->15970 15972 7ff6e379476f fegetenv 15971->15972 15973 7ff6e379867c 37 API 

                                                                                                                                Control-flow Graph

                                                                                                                                APIs
                                                                                                                                • _get_daylight.LIBCMT ref: 00007FF6E37963B5
                                                                                                                                  • Part of subcall function 00007FF6E3795D08: _invalid_parameter_noinfo.LIBCMT ref: 00007FF6E3795D1C
                                                                                                                                  • Part of subcall function 00007FF6E378AF0C: RtlFreeHeap.NTDLL(?,?,?,00007FF6E3793392,?,?,?,00007FF6E37933CF,?,?,00000000,00007FF6E3793895,?,?,00000000,00007FF6E37937C7), ref: 00007FF6E378AF22
                                                                                                                                  • Part of subcall function 00007FF6E378AF0C: GetLastError.KERNEL32(?,?,?,00007FF6E3793392,?,?,?,00007FF6E37933CF,?,?,00000000,00007FF6E3793895,?,?,00000000,00007FF6E37937C7), ref: 00007FF6E378AF2C
                                                                                                                                  • Part of subcall function 00007FF6E378AEC4: IsProcessorFeaturePresent.KERNEL32(?,?,?,?,00007FF6E378AEA3,?,?,?,?,?,00007FF6E37830CC), ref: 00007FF6E378AECD
                                                                                                                                  • Part of subcall function 00007FF6E378AEC4: GetCurrentProcess.KERNEL32(?,?,?,?,00007FF6E378AEA3,?,?,?,?,?,00007FF6E37830CC), ref: 00007FF6E378AEF2
                                                                                                                                • _get_daylight.LIBCMT ref: 00007FF6E37963A4
                                                                                                                                  • Part of subcall function 00007FF6E3795D68: _invalid_parameter_noinfo.LIBCMT ref: 00007FF6E3795D7C
                                                                                                                                • _get_daylight.LIBCMT ref: 00007FF6E379661A
                                                                                                                                • _get_daylight.LIBCMT ref: 00007FF6E379662B
                                                                                                                                • _get_daylight.LIBCMT ref: 00007FF6E379663C
                                                                                                                                • GetTimeZoneInformation.KERNELBASE(?,?,?,?,?,?,?,?,?,00000000,?,00007FF6E379687C), ref: 00007FF6E3796663
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2933062987.00007FF6E3771000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E3770000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2933041440.00007FF6E3770000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                • Associated: 00000000.00000002.2933094603.00007FF6E379B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                • Associated: 00000000.00000002.2933116965.00007FF6E37AE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                • Associated: 00000000.00000002.2933116965.00007FF6E37B0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                • Associated: 00000000.00000002.2933155107.00007FF6E37B2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_7ff6e3770000_3OQL58yflv.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: _get_daylight$_invalid_parameter_noinfo$CurrentErrorFeatureFreeHeapInformationLastPresentProcessProcessorTimeZone
                                                                                                                                • String ID: Eastern Standard Time$Eastern Summer Time
                                                                                                                                • API String ID: 4070488512-239921721

                                                                                                                                Control-flow Graph

                                                                                                                                APIs
                                                                                                                                Similarity
                                                                                                                                • API ID: File$CreateErrorLast_invalid_parameter_noinfo$CloseHandle$Type
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 1617910340-0

                                                                                                                                Control-flow Graph

                                                                                                                                APIs
                                                                                                                                • GetTempPathW.KERNEL32(00000000,?,00000000,00000000,?,00007FF6E377154F), ref: 00007FF6E37779E7
                                                                                                                                  • Part of subcall function 00007FF6E3777B60: GetEnvironmentVariableW.KERNEL32(00007FF6E3773A1F), ref: 00007FF6E3777B9A
                                                                                                                                  • Part of subcall function 00007FF6E3777B60: ExpandEnvironmentStringsW.KERNEL32 ref: 00007FF6E3777BB7
                                                                                                                                  • Part of subcall function 00007FF6E3787DEC: _invalid_parameter_noinfo.LIBCMT ref: 00007FF6E3787E05
                                                                                                                                • SetEnvironmentVariableW.KERNEL32 ref: 00007FF6E3777AA1
                                                                                                                                  • Part of subcall function 00007FF6E3772B30: MessageBoxW.USER32 ref: 00007FF6E3772C05
                                                                                                                                Strings
                                                                                                                                Similarity
                                                                                                                                • API ID: Environment$Variable$ExpandMessagePathStringsTemp_invalid_parameter_noinfo
                                                                                                                                • String ID: LOADER: Failed to set the TMP environment variable.$TMP$TMP$_MEI%d
                                                                                                                                • API String ID: 3752271684-1116378104

                                                                                                                                Control-flow Graph

                                                                                                                                APIs
                                                                                                                                • _get_daylight.LIBCMT ref: 00007FF6E379661A
                                                                                                                                  • Part of subcall function 00007FF6E3795D68: _invalid_parameter_noinfo.LIBCMT ref: 00007FF6E3795D7C
                                                                                                                                • _get_daylight.LIBCMT ref: 00007FF6E379662B
                                                                                                                                  • Part of subcall function 00007FF6E3795D08: _invalid_parameter_noinfo.LIBCMT ref: 00007FF6E3795D1C
                                                                                                                                • _get_daylight.LIBCMT ref: 00007FF6E379663C
                                                                                                                                  • Part of subcall function 00007FF6E3795D38: _invalid_parameter_noinfo.LIBCMT ref: 00007FF6E3795D4C
                                                                                                                                  • Part of subcall function 00007FF6E378AF0C: RtlFreeHeap.NTDLL(?,?,?,00007FF6E3793392,?,?,?,00007FF6E37933CF,?,?,00000000,00007FF6E3793895,?,?,00000000,00007FF6E37937C7), ref: 00007FF6E378AF22
                                                                                                                                  • Part of subcall function 00007FF6E378AF0C: GetLastError.KERNEL32(?,?,?,00007FF6E3793392,?,?,?,00007FF6E37933CF,?,?,00000000,00007FF6E3793895,?,?,00000000,00007FF6E37937C7), ref: 00007FF6E378AF2C
                                                                                                                                • GetTimeZoneInformation.KERNELBASE(?,?,?,?,?,?,?,?,?,00000000,?,00007FF6E379687C), ref: 00007FF6E3796663
                                                                                                                                Strings
                                                                                                                                Similarity
                                                                                                                                • API ID: _get_daylight_invalid_parameter_noinfo$ErrorFreeHeapInformationLastTimeZone
                                                                                                                                • String ID: Eastern Standard Time$Eastern Summer Time
                                                                                                                                • API String ID: 3458911817-239921721
                                                                                                                                Similarity
                                                                                                                                • API ID: CurrentFeaturePresentProcessProcessor
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 1010374628-0
                                                                                                                                • Opcode ID: 08e5aa8e339564cd7a7b65546afe2f45283a9087c0a557908bbbf8b75e3d7d61
                                                                                                                                • Instruction ID: 95a171ac8b5b3643e67aee35d9792e7b40c271669a39747d3557d3f154eca282
                                                                                                                                • Opcode Fuzzy Hash: 08e5aa8e339564cd7a7b65546afe2f45283a9087c0a557908bbbf8b75e3d7d61
                                                                                                                                • Instruction Fuzzy Hash: 7C028D23A1965680FE65AF2194023793E91AF45BA0F064634DD6EEA7D1DE3EE431830E

                                                                                                                                Control-flow Graph

                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2933062987.00007FF6E3771000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E3770000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2933041440.00007FF6E3770000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                • Associated: 00000000.00000002.2933094603.00007FF6E379B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                • Associated: 00000000.00000002.2933116965.00007FF6E37AE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                • Associated: 00000000.00000002.2933116965.00007FF6E37B0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                • Associated: 00000000.00000002.2933155107.00007FF6E37B2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_7ff6e3770000_3OQL58yflv.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: Message
                                                                                                                                • String ID: Failed to create symbolic link %s!$Failed to extract %s: failed to allocate temporary buffer!$Failed to extract %s: failed to open archive file!$Failed to extract %s: failed to open target file!$Failed to extract %s: failed to read data chunk!$Failed to extract %s: failed to seek to the entry's data!$Failed to extract %s: failed to write data chunk!$fopen$fread$fseek$fwrite$malloc$pyi_arch_extract2fs was called before temporary directory was initialized!
                                                                                                                                • API String ID: 2030045667-3833288071
                                                                                                                                • Opcode ID: e6c1ab7bb3c3a801f64289f44486b38c07945d09aa6b91d9999fd41f69d5c48e
                                                                                                                                • Instruction ID: 9b4f8f95bcb068cd145d8a7036b01d2edf840e2ae3ad3df45ebdd3abd5a274dc
                                                                                                                                • Opcode Fuzzy Hash: e6c1ab7bb3c3a801f64289f44486b38c07945d09aa6b91d9999fd41f69d5c48e
                                                                                                                                • Instruction Fuzzy Hash: 1E51DD23B0868286EE109B11E8523B97B90FF44B95F440535DE0CA77D6EF3EE265970E

                                                                                                                                Control-flow Graph

                                                                                                                                APIs
                                                                                                                                • GetCurrentProcess.KERNEL32(0000000100000001,00007FF6E377414C,00007FF6E3777911,?,00007FF6E3777D26,?,00007FF6E3771785), ref: 00007FF6E3778990
                                                                                                                                • OpenProcessToken.ADVAPI32(?,00007FF6E3777D26,?,00007FF6E3771785), ref: 00007FF6E37789A1
                                                                                                                                • GetTokenInformation.KERNELBASE(?,00007FF6E3777D26,?,00007FF6E3771785), ref: 00007FF6E37789C3
                                                                                                                                • GetLastError.KERNEL32(?,00007FF6E3777D26,?,00007FF6E3771785), ref: 00007FF6E37789CD
                                                                                                                                • GetTokenInformation.KERNELBASE(?,00007FF6E3777D26,?,00007FF6E3771785), ref: 00007FF6E3778A0A
                                                                                                                                • ConvertSidToStringSidW.ADVAPI32 ref: 00007FF6E3778A1C
                                                                                                                                • CloseHandle.KERNELBASE(?,00007FF6E3777D26,?,00007FF6E3771785), ref: 00007FF6E3778A34
                                                                                                                                • LocalFree.KERNEL32(?,00007FF6E3777D26,?,00007FF6E3771785), ref: 00007FF6E3778A66
                                                                                                                                • ConvertStringSecurityDescriptorToSecurityDescriptorW.ADVAPI32 ref: 00007FF6E3778A8D
                                                                                                                                • CreateDirectoryW.KERNELBASE(?,00007FF6E3777D26,?,00007FF6E3771785), ref: 00007FF6E3778A9E
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2933062987.00007FF6E3771000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E3770000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2933041440.00007FF6E3770000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                • Associated: 00000000.00000002.2933094603.00007FF6E379B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                • Associated: 00000000.00000002.2933116965.00007FF6E37AE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                • Associated: 00000000.00000002.2933116965.00007FF6E37B0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                • Associated: 00000000.00000002.2933155107.00007FF6E37B2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_7ff6e3770000_3OQL58yflv.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: Token$ConvertDescriptorInformationProcessSecurityString$CloseCreateCurrentDirectoryErrorFreeHandleLastLocalOpen
                                                                                                                                • String ID: D:(A;;FA;;;%s)$S-1-3-4
                                                                                                                                • API String ID: 4998090-2855260032
                                                                                                                                • Opcode ID: 9d301874694f13eee612efc427f36135b77fc192910b60788b949b6aa4b4f411
                                                                                                                                • Instruction ID: 34c19a3f7cdb602b2ad4454c7cf929690febd508c0cf0f44502403b9b6ac9811
                                                                                                                                • Opcode Fuzzy Hash: 9d301874694f13eee612efc427f36135b77fc192910b60788b949b6aa4b4f411
                                                                                                                                • Instruction Fuzzy Hash: 5B41BF3361C68682EE108F50E8867BA7B60FB84790F450231EA5E97AE4DF3DE414CB09

                                                                                                                                Control-flow Graph

                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2933062987.00007FF6E3771000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E3770000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2933041440.00007FF6E3770000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                • Associated: 00000000.00000002.2933094603.00007FF6E379B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                • Associated: 00000000.00000002.2933116965.00007FF6E37AE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                • Associated: 00000000.00000002.2933116965.00007FF6E37B0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                • Associated: 00000000.00000002.2933155107.00007FF6E37B2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_7ff6e3770000_3OQL58yflv.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: _fread_nolock$Message
                                                                                                                                • String ID: Could not allocate buffer for TOC!$Could not read full TOC!$Error on file.$Failed to read cookie!$Failed to seek to cookie position!$MEI$fread$fseek$malloc
                                                                                                                                • API String ID: 677216364-1384898525
                                                                                                                                • Opcode ID: dcf7c84ed462617b0e0dce36cb9749f58e0a0a21bbdd9ff1a57d48b7c6d024f3
                                                                                                                                • Instruction ID: 791e7d83807920a04ce5e302bf8053aad29762a84f2bf5c856b15bcfb9301f1d
                                                                                                                                • Opcode Fuzzy Hash: dcf7c84ed462617b0e0dce36cb9749f58e0a0a21bbdd9ff1a57d48b7c6d024f3
                                                                                                                                • Instruction Fuzzy Hash: D7519E73A0860286EF14CF28D4862783FA0EF48B95B558135D90CD77A5DE7EE460CB4E

                                                                                                                                Control-flow Graph

                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2933062987.00007FF6E3771000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E3770000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2933041440.00007FF6E3770000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                • Associated: 00000000.00000002.2933094603.00007FF6E379B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                • Associated: 00000000.00000002.2933116965.00007FF6E37AE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                • Associated: 00000000.00000002.2933116965.00007FF6E37B0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                • Associated: 00000000.00000002.2933155107.00007FF6E37B2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_7ff6e3770000_3OQL58yflv.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: Process_invalid_parameter_noinfo$ByteCharCodeCommandConsoleCreateCtrlExitHandlerInfoLineMultiObjectSingleStartupWaitWide
                                                                                                                                • String ID: CreateProcessW$Error creating child process!
                                                                                                                                • API String ID: 2895956056-3524285272
                                                                                                                                • Opcode ID: 43f1d35e7fbf24803adac071d2ce953c020152e2d40e2e5a1956faa0815d12d1
                                                                                                                                • Instruction ID: 8e654cadf018bca18b03f70b7f858e5e655a90bba62170b16c5d79ff64b23871
                                                                                                                                • Opcode Fuzzy Hash: 43f1d35e7fbf24803adac071d2ce953c020152e2d40e2e5a1956faa0815d12d1
                                                                                                                                • Instruction Fuzzy Hash: D3413333A0878582DE209B64E4563AABBA0FF94760F500335E6AD93BD5DF7DD054CB09

                                                                                                                                Control-flow Graph

                                                                                                                                APIs
                                                                                                                                  • Part of subcall function 00007FF6E3773EC0: GetModuleFileNameW.KERNEL32(?,00007FF6E37739EA), ref: 00007FF6E3773EF1
                                                                                                                                • SetDllDirectoryW.KERNEL32 ref: 00007FF6E3773BE9
                                                                                                                                  • Part of subcall function 00007FF6E3777B60: GetEnvironmentVariableW.KERNEL32(00007FF6E3773A1F), ref: 00007FF6E3777B9A
                                                                                                                                  • Part of subcall function 00007FF6E3777B60: ExpandEnvironmentStringsW.KERNEL32 ref: 00007FF6E3777BB7
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2933062987.00007FF6E3771000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E3770000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2933041440.00007FF6E3770000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                • Associated: 00000000.00000002.2933094603.00007FF6E379B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                • Associated: 00000000.00000002.2933116965.00007FF6E37AE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                • Associated: 00000000.00000002.2933116965.00007FF6E37B0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                • Associated: 00000000.00000002.2933155107.00007FF6E37B2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_7ff6e3770000_3OQL58yflv.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: Environment$DirectoryExpandFileModuleNameStringsVariable
                                                                                                                                • String ID: Cannot open PyInstaller archive from executable (%s) or external archive (%s)$Cannot side-load external archive %s (code %d)!$Failed to convert DLL search path!$MEI$_MEIPASS2$_PYI_ONEDIR_MODE
                                                                                                                                • API String ID: 2344891160-3602715111
                                                                                                                                • Opcode ID: bc804580661d330fd68571be0a8a6f4046a9eb4bd7f0ff81acb8572ffe878501
                                                                                                                                • Instruction ID: 364cbc825e1017c3e3c677885c313eedeb411a04700303a1b0141e0990693db5
                                                                                                                                • Opcode Fuzzy Hash: bc804580661d330fd68571be0a8a6f4046a9eb4bd7f0ff81acb8572ffe878501
                                                                                                                                • Instruction Fuzzy Hash: 81B17023B1C68641FE24AB2194533B93A91EF44786F400131EE4DE76DAEE2EE535C74E

                                                                                                                                Control-flow Graph

                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2933062987.00007FF6E3771000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E3770000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2933041440.00007FF6E3770000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                • Associated: 00000000.00000002.2933094603.00007FF6E379B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                • Associated: 00000000.00000002.2933116965.00007FF6E37AE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                • Associated: 00000000.00000002.2933116965.00007FF6E37B0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                • Associated: 00000000.00000002.2933155107.00007FF6E37B2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_7ff6e3770000_3OQL58yflv.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: Message
                                                                                                                                • String ID: 1.2.13$Failed to extract %s: decompression resulted in return code %d!$Failed to extract %s: failed to allocate temporary input buffer!$Failed to extract %s: failed to allocate temporary output buffer!$Failed to extract %s: inflateInit() failed with return code %d!$malloc
                                                                                                                                • API String ID: 2030045667-1655038675
                                                                                                                                • Opcode ID: 20f07d5497f98b98d29e47cc3211355221ae8af9de98a618917402c82fb68268
                                                                                                                                • Instruction ID: b7a1116510a9d6c02c1e204db3ec8ddb19b46cccbf94a1ae8649bc8ae9f8415b
                                                                                                                                • Opcode Fuzzy Hash: 20f07d5497f98b98d29e47cc3211355221ae8af9de98a618917402c82fb68268
                                                                                                                                • Instruction Fuzzy Hash: 3C51FE23B0868285EE209B11A8423BA7A90FF84795F444135EE4DE77D5EF3EE464C70E

                                                                                                                                Control-flow Graph

                                                                                                                                APIs
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2933062987.00007FF6E3771000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E3770000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2933041440.00007FF6E3770000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                • Associated: 00000000.00000002.2933094603.00007FF6E379B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                • Associated: 00000000.00000002.2933116965.00007FF6E37AE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                • Associated: 00000000.00000002.2933116965.00007FF6E37B0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                • Associated: 00000000.00000002.2933155107.00007FF6E37B2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_7ff6e3770000_3OQL58yflv.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: _invalid_parameter_noinfo
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 3215553584-0
                                                                                                                                • Opcode ID: be7416da91f84ed5bfdd546aa92e4ee07cb2f4e154380db95b5ab7bb0620c26f
                                                                                                                                • Instruction ID: 10ca7829b305d2ca2af519f27d6d608747807532ace47762c0281e000b791913
                                                                                                                                • Opcode Fuzzy Hash: be7416da91f84ed5bfdd546aa92e4ee07cb2f4e154380db95b5ab7bb0620c26f
                                                                                                                                • Instruction Fuzzy Hash: 7CC1F0239086A781EF608B5594463BDBF60EB84B90F550131DA4EA77D1CF7EE865C30E

                                                                                                                                Control-flow Graph

                                                                                                                                APIs
                                                                                                                                • GetConsoleMode.KERNEL32(?,?,?,?,?,?,?,?,?,00000000,?,?,00000000,00000000,00007FF6E378D50B), ref: 00007FF6E378D63C
                                                                                                                                • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,00000000,?,?,00000000,00000000,00007FF6E378D50B), ref: 00007FF6E378D6C7
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2933062987.00007FF6E3771000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E3770000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2933041440.00007FF6E3770000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                • Associated: 00000000.00000002.2933094603.00007FF6E379B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                • Associated: 00000000.00000002.2933116965.00007FF6E37AE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                • Associated: 00000000.00000002.2933116965.00007FF6E37B0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                • Associated: 00000000.00000002.2933155107.00007FF6E37B2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_7ff6e3770000_3OQL58yflv.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: ConsoleErrorLastMode
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 953036326-0
                                                                                                                                • Opcode ID: 9c71bbc92960716eb9d411b0b48861d3e4dcea1db34bc3604978879cc3cc685b
                                                                                                                                • Instruction ID: 796222564f7aa1c0bc839d92c1cb90a7a8b834df1b746face6dd42ccb20c93f5
                                                                                                                                • Opcode Fuzzy Hash: 9c71bbc92960716eb9d411b0b48861d3e4dcea1db34bc3604978879cc3cc685b
                                                                                                                                • Instruction Fuzzy Hash: 5491B123F0876685FB609F6594467BE3FE0AB44B98F144139DE0EB6694CF3AD461830E

                                                                                                                                Control-flow Graph

                                                                                                                                APIs
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2933062987.00007FF6E3771000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E3770000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2933041440.00007FF6E3770000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                • Associated: 00000000.00000002.2933094603.00007FF6E379B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                • Associated: 00000000.00000002.2933116965.00007FF6E37AE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                • Associated: 00000000.00000002.2933116965.00007FF6E37B0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                • Associated: 00000000.00000002.2933155107.00007FF6E37B2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_7ff6e3770000_3OQL58yflv.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: _get_daylight$_isindst
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 4170891091-0
                                                                                                                                • Opcode ID: 576313037ba361094b23b779854add166a997b8059c5947e2a7d8f77b38f16ad
                                                                                                                                • Instruction ID: eaa7a319073d2c3dfff734a6518a23fd50ad8d9f093035877323d2da7b58bbed
                                                                                                                                • Opcode Fuzzy Hash: 576313037ba361094b23b779854add166a997b8059c5947e2a7d8f77b38f16ad
                                                                                                                                • Instruction Fuzzy Hash: 6651D373F0422286EF14DF28E95A7BC3BA1AF40368F140236DD1DA2AD5DF39A411C709

                                                                                                                                Control-flow Graph

                                                                                                                                APIs
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2933062987.00007FF6E3771000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E3770000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2933041440.00007FF6E3770000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                • Associated: 00000000.00000002.2933094603.00007FF6E379B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                • Associated: 00000000.00000002.2933116965.00007FF6E37AE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                • Associated: 00000000.00000002.2933116965.00007FF6E37B0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                • Associated: 00000000.00000002.2933155107.00007FF6E37B2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_7ff6e3770000_3OQL58yflv.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: File$ErrorHandleInformationLastNamedPeekPipeType
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 2780335769-0
                                                                                                                                • Opcode ID: 76a0635d5597b22ce5d2941ff6046abd28e8f163941117926f9164ef5776c06c
                                                                                                                                • Instruction ID: 0c814b0fe88b08cbe0e706163fd64680b505e415af7428c1bab6b66d7ff7aa79
                                                                                                                                • Opcode Fuzzy Hash: 76a0635d5597b22ce5d2941ff6046abd28e8f163941117926f9164ef5776c06c
                                                                                                                                • Instruction Fuzzy Hash: 00519023A186518AFF10CF71D4523BD3BB1AB48B78F108535DE4DAB689DF39D4A1870A
                                                                                                                                APIs
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2933062987.00007FF6E3771000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E3770000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2933041440.00007FF6E3770000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                • Associated: 00000000.00000002.2933094603.00007FF6E379B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                • Associated: 00000000.00000002.2933116965.00007FF6E37AE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                • Associated: 00000000.00000002.2933116965.00007FF6E37B0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                • Associated: 00000000.00000002.2933155107.00007FF6E37B2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_7ff6e3770000_3OQL58yflv.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: __scrt_acquire_startup_lock__scrt_dllmain_crt_thread_attach__scrt_get_show_window_mode__scrt_initialize_crt__scrt_release_startup_lock
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 1452418845-0
                                                                                                                                • Opcode ID: 416c85195b1c4a12d0bca0f9f3e62a22dfdeb9afd9333f8228f8268f9139cf84
                                                                                                                                • Instruction ID: cb0f75f2a4be6125b263588a5e3be2bf54405f4875f4fc0ae8269ebdabab997d
                                                                                                                                • Opcode Fuzzy Hash: 416c85195b1c4a12d0bca0f9f3e62a22dfdeb9afd9333f8228f8268f9139cf84
                                                                                                                                • Instruction Fuzzy Hash: 2C315C53A0824781FE24AB6494533B93E91DF4978AF540035E90EFB2E7DE2FA424C21F
                                                                                                                                APIs
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2933062987.00007FF6E3771000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E3770000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2933041440.00007FF6E3770000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                • Associated: 00000000.00000002.2933094603.00007FF6E379B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                • Associated: 00000000.00000002.2933116965.00007FF6E37AE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                • Associated: 00000000.00000002.2933116965.00007FF6E37B0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                • Associated: 00000000.00000002.2933155107.00007FF6E37B2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_7ff6e3770000_3OQL58yflv.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: CloseCreateFileHandle_invalid_parameter_noinfo
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 1279662727-0
                                                                                                                                APIs
                                                                                                                                Similarity
                                                                                                                                • API ID: _invalid_parameter_noinfo
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 3215553584-0
                                                                                                                                APIs
                                                                                                                                Similarity
                                                                                                                                • API ID: ErrorFileLastPointer
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 2976181284-0
                                                                                                                                APIs
                                                                                                                                • FileTimeToSystemTime.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF6E3785911), ref: 00007FF6E3785A2F
                                                                                                                                • SystemTimeToTzSpecificLocalTime.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF6E3785911), ref: 00007FF6E3785A45
                                                                                                                                Similarity
                                                                                                                                • API ID: Time$System$FileLocalSpecific
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 1707611234-0
                                                                                                                                APIs
                                                                                                                                • RtlFreeHeap.NTDLL(?,?,?,00007FF6E3793392,?,?,?,00007FF6E37933CF,?,?,00000000,00007FF6E3793895,?,?,00000000,00007FF6E37937C7), ref: 00007FF6E378AF22
                                                                                                                                • GetLastError.KERNEL32(?,?,?,00007FF6E3793392,?,?,?,00007FF6E37933CF,?,?,00000000,00007FF6E3793895,?,?,00000000,00007FF6E37937C7), ref: 00007FF6E378AF2C
                                                                                                                                Similarity
                                                                                                                                • API ID: ErrorFreeHeapLast
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 485612231-0
                                                                                                                                APIs
                                                                                                                                • CloseHandle.KERNELBASE(?,?,?,00007FF6E378AF99,?,?,00000000,00007FF6E378B04E), ref: 00007FF6E378B18A
                                                                                                                                • GetLastError.KERNEL32(?,?,?,00007FF6E378AF99,?,?,00000000,00007FF6E378B04E), ref: 00007FF6E378B194
                                                                                                                                Similarity
                                                                                                                                • API ID: CloseErrorHandleLast
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 918212764-0
                                                                                                                                APIs
                                                                                                                                Similarity
                                                                                                                                • API ID: _invalid_parameter_noinfo
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 3215553584-0
                                                                                                                                APIs
                                                                                                                                Similarity
                                                                                                                                • API ID: _fread_nolock
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 840049012-0
                                                                                                                                APIs
                                                                                                                                Similarity
                                                                                                                                • API ID: _invalid_parameter_noinfo
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 3215553584-0
                                                                                                                                APIs
                                                                                                                                Similarity
                                                                                                                                • API ID: _invalid_parameter_noinfo
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 3215553584-0
                                                                                                                                • Opcode ID: c06f943cf2cfad6cae40bb945918742757c954c3eb67e691afc5a150f41a7f23
                                                                                                                                • Instruction ID: e9219d21f1f490c94479fc151a5bafb1decdad8fa457be5d0aeacf4e107d783c
                                                                                                                                • Opcode Fuzzy Hash: c06f943cf2cfad6cae40bb945918742757c954c3eb67e691afc5a150f41a7f23
                                                                                                                                • Instruction Fuzzy Hash: BF118423E1C66181EE609F51A40337DBA64BF85B80F154431EB4DA7A86DF7ED560C70E
                                                                                                                                APIs
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2933062987.00007FF6E3771000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E3770000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2933041440.00007FF6E3770000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                • Associated: 00000000.00000002.2933094603.00007FF6E379B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                • Associated: 00000000.00000002.2933116965.00007FF6E37AE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                • Associated: 00000000.00000002.2933116965.00007FF6E37B0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                • Associated: 00000000.00000002.2933155107.00007FF6E37B2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_7ff6e3770000_3OQL58yflv.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: _invalid_parameter_noinfo
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 3215553584-0
                                                                                                                                • Opcode ID: c0ad99c40d53020ccb328d164a39266f2dfd48b33636b9c7a3122610519525da
                                                                                                                                • Instruction ID: f2648370199b2597b44ef2d0be142ba50485e30359a61460e7c872cd81c465a4
                                                                                                                                • Opcode Fuzzy Hash: c0ad99c40d53020ccb328d164a39266f2dfd48b33636b9c7a3122610519525da
                                                                                                                                • Instruction Fuzzy Hash: 4921C533A1CA4186DF618F18E4423797BA0EB85B64F154334EA5D976D9DF3ED820CB09
                                                                                                                                APIs
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2933062987.00007FF6E3771000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E3770000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2933041440.00007FF6E3770000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                • Associated: 00000000.00000002.2933094603.00007FF6E379B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                • Associated: 00000000.00000002.2933116965.00007FF6E37AE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                • Associated: 00000000.00000002.2933116965.00007FF6E37B0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                • Associated: 00000000.00000002.2933155107.00007FF6E37B2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_7ff6e3770000_3OQL58yflv.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: _invalid_parameter_noinfo
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 3215553584-0
                                                                                                                                • Opcode ID: e4e6805aeaf9884a68cba76bd798531beecc2a98c7129b287afec428eebc8cdc
                                                                                                                                • Instruction ID: 5cfd3073c55faec2801a899fcc250f7b9628b1d40a24741c2b57f0ab3fd7572f
                                                                                                                                • Opcode Fuzzy Hash: e4e6805aeaf9884a68cba76bd798531beecc2a98c7129b287afec428eebc8cdc
                                                                                                                                • Instruction Fuzzy Hash: F601C863A0875540EE04DB565902669BEA1BF85FE0F084670EE5CA7BD6CE3DD421830D
                                                                                                                                APIs
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2933062987.00007FF6E3771000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E3770000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2933041440.00007FF6E3770000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                • Associated: 00000000.00000002.2933094603.00007FF6E379B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                • Associated: 00000000.00000002.2933116965.00007FF6E37AE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                • Associated: 00000000.00000002.2933116965.00007FF6E37B0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                • Associated: 00000000.00000002.2933155107.00007FF6E37B2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_7ff6e3770000_3OQL58yflv.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: _invalid_parameter_noinfo
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 3215553584-0
                                                                                                                                • Opcode ID: af50f55acc611b54009b4ea4d598cf3424078558251c62237d26469a9987366e
                                                                                                                                • Instruction ID: 591bea232c2aacae17ac62210e291b18a299df819281e56475f6ab6a33f4e787
                                                                                                                                • Opcode Fuzzy Hash: af50f55acc611b54009b4ea4d598cf3424078558251c62237d26469a9987366e
                                                                                                                                • Instruction Fuzzy Hash: C701A112E1D2E340FEA06B6965833753D919F403A0F140534E92EE2AC6DF2FE471460F
                                                                                                                                APIs
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2933062987.00007FF6E3771000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E3770000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2933041440.00007FF6E3770000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                • Associated: 00000000.00000002.2933094603.00007FF6E379B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                • Associated: 00000000.00000002.2933116965.00007FF6E37AE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                • Associated: 00000000.00000002.2933116965.00007FF6E37B0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                • Associated: 00000000.00000002.2933155107.00007FF6E37B2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_7ff6e3770000_3OQL58yflv.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: _invalid_parameter_noinfo
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 3215553584-0
                                                                                                                                • Opcode ID: f6d2080b1b78402d7abe66b145058d3ba054e314cadcac67310d584db64078aa
                                                                                                                                • Instruction ID: f4a382506ad318b1a6744bdb8b8ec6b5afba1a12fcc5d17765fec960746ebb8e
                                                                                                                                • Opcode Fuzzy Hash: f6d2080b1b78402d7abe66b145058d3ba054e314cadcac67310d584db64078aa
                                                                                                                                • Instruction Fuzzy Hash: 5EE0E656E1836642FF5576A149C33B53A105F54352F044430D90EDA2D3DE1F6C75952F
                                                                                                                                APIs
                                                                                                                                • HeapAlloc.KERNEL32(?,?,00000000,00007FF6E378B9A6,?,?,?,00007FF6E378AB67,?,?,00000000,00007FF6E378AE02), ref: 00007FF6E378F1AD
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2933062987.00007FF6E3771000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E3770000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2933041440.00007FF6E3770000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                • Associated: 00000000.00000002.2933094603.00007FF6E379B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                • Associated: 00000000.00000002.2933116965.00007FF6E37AE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                • Associated: 00000000.00000002.2933116965.00007FF6E37B0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                • Associated: 00000000.00000002.2933155107.00007FF6E37B2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_7ff6e3770000_3OQL58yflv.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: AllocHeap
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 4292702814-0
                                                                                                                                • Opcode ID: 3903a8e07e771c3ce20f22a7cfda351bfc6825da59dd5d1b3ed6874a84ef80bd
                                                                                                                                • Instruction ID: 7a8bf0d7ef62aeed66c6f26c973f92609f2ffe960e6a09ab8ab2a59a3264bf6e
                                                                                                                                • Opcode Fuzzy Hash: 3903a8e07e771c3ce20f22a7cfda351bfc6825da59dd5d1b3ed6874a84ef80bd
                                                                                                                                • Instruction Fuzzy Hash: 7AF06207F0961681FE549A61E9133B53A915F49B50F4C4430CD0DE67C1DE5EE460C21E
                                                                                                                                APIs
                                                                                                                                • HeapAlloc.KERNEL32(?,?,?,00007FF6E3780D24,?,?,?,00007FF6E3782236,?,?,?,?,?,00007FF6E3783829), ref: 00007FF6E378DBFA
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2933062987.00007FF6E3771000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E3770000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2933041440.00007FF6E3770000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                • Associated: 00000000.00000002.2933094603.00007FF6E379B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                • Associated: 00000000.00000002.2933116965.00007FF6E37AE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                • Associated: 00000000.00000002.2933116965.00007FF6E37B0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                • Associated: 00000000.00000002.2933155107.00007FF6E37B2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_7ff6e3770000_3OQL58yflv.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: AllocHeap
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 4292702814-0
                                                                                                                                • Opcode ID: 4a58605cc4c1e1369a1067e1172dc77d995423b1642967883a658540b08b4ee9
                                                                                                                                • Instruction ID: 65e48450fde47f943b9954656b02be7711dc7da31da6892ac61b140bd62a1a5f
                                                                                                                                • Opcode Fuzzy Hash: 4a58605cc4c1e1369a1067e1172dc77d995423b1642967883a658540b08b4ee9
                                                                                                                                • Instruction Fuzzy Hash: 15F08203B0C3A745FE54576258033763ED09F48770F080730DD2EEA2C1DE6EA860851E
                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2933062987.00007FF6E3771000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E3770000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2933041440.00007FF6E3770000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                • Associated: 00000000.00000002.2933094603.00007FF6E379B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                • Associated: 00000000.00000002.2933116965.00007FF6E37AE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                • Associated: 00000000.00000002.2933116965.00007FF6E37B0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                • Associated: 00000000.00000002.2933155107.00007FF6E37B2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_7ff6e3770000_3OQL58yflv.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: AddressProc
                                                                                                                                • String ID: Failed to get address for PyConfig_Clear$Failed to get address for PyConfig_InitIsolatedConfig$Failed to get address for PyConfig_Read$Failed to get address for PyConfig_SetBytesString$Failed to get address for PyConfig_SetString$Failed to get address for PyConfig_SetWideStringList$Failed to get address for PyErr_Clear$Failed to get address for PyErr_Fetch$Failed to get address for PyErr_NormalizeException$Failed to get address for PyErr_Occurred$Failed to get address for PyErr_Print$Failed to get address for PyErr_Restore$Failed to get address for PyEval_EvalCode$Failed to get address for PyImport_AddModule$Failed to get address for PyImport_ExecCodeModule$Failed to get address for PyImport_ImportModule$Failed to get address for PyList_Append$Failed to get address for PyMarshal_ReadObjectFromString$Failed to get address for PyMem_RawFree$Failed to get address for PyModule_GetDict$Failed to get address for PyObject_CallFunction$Failed to get address for PyObject_CallFunctionObjArgs$Failed to get address for PyObject_GetAttrString$Failed to get address for PyObject_SetAttrString$Failed to get address for PyObject_Str$Failed to get address for PyPreConfig_InitIsolatedConfig$Failed to get address for PyRun_SimpleStringFlags$Failed to get address for PyStatus_Exception$Failed to get address for PySys_GetObject$Failed to get address for PySys_SetObject$Failed to get address for PyUnicode_AsUTF8$Failed to get address for PyUnicode_Decode$Failed to get address for PyUnicode_DecodeFSDefault$Failed to get address for PyUnicode_FromFormat$Failed to get address for PyUnicode_FromString$Failed to get address for PyUnicode_Join$Failed to get address for PyUnicode_Replace$Failed to get address for Py_DecRef$Failed to get address for Py_DecodeLocale$Failed to get address for Py_ExitStatusException$Failed to get address for Py_Finalize$Failed to get address for Py_InitializeFromConfig$Failed to get address for Py_IsInitialized$Failed to get address for Py_PreInitialize$GetProcAddress$PyConfig_Clear$PyConfig_InitIsolatedConfig$PyConfig_Read$PyConfig_SetBytesString$PyConfig_SetString$PyConfig_SetWideStringList$PyErr_Clear$PyErr_Fetch$PyErr_NormalizeException$PyErr_Occurred$PyErr_Print$PyErr_Restore$PyEval_EvalCode$PyImport_AddModule$PyImport_ExecCodeModule$PyImport_ImportModule$PyList_Append$PyMarshal_ReadObjectFromString$PyMem_RawFree$PyModule_GetDict$PyObject_CallFunction$PyObject_CallFunctionObjArgs$PyObject_GetAttrString$PyObject_SetAttrString$PyObject_Str$PyPreConfig_InitIsolatedConfig$PyRun_SimpleStringFlags$PyStatus_Exception$PySys_GetObject$PySys_SetObject$PyUnicode_AsUTF8$PyUnicode_Decode$PyUnicode_DecodeFSDefault$PyUnicode_FromFormat$PyUnicode_FromString$PyUnicode_Join$PyUnicode_Replace$Py_DecRef$Py_DecodeLocale$Py_ExitStatusException$Py_Finalize$Py_InitializeFromConfig$Py_IsInitialized$Py_PreInitialize
                                                                                                                                • API String ID: 190572456-4266016200
                                                                                                                                • Opcode ID: cf77275b4bf0387ff900e5ea28e17749df250fc4abdfb995cff073003fe970f9
                                                                                                                                • Instruction ID: 1aad55f1c048a620a14ef1e02145586ef58c42be4906615a3f999a5da2f52b9e
                                                                                                                                • Opcode Fuzzy Hash: cf77275b4bf0387ff900e5ea28e17749df250fc4abdfb995cff073003fe970f9
                                                                                                                                • Instruction Fuzzy Hash: 3D12DA66A1EB0391FE14CF08A8533703EB1AF44791B951535C81EF62A4EF7EA568C30E
                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2933062987.00007FF6E3771000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E3770000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2933041440.00007FF6E3770000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                • Associated: 00000000.00000002.2933094603.00007FF6E379B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                • Associated: 00000000.00000002.2933116965.00007FF6E37AE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                • Associated: 00000000.00000002.2933116965.00007FF6E37B0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                • Associated: 00000000.00000002.2933155107.00007FF6E37B2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_7ff6e3770000_3OQL58yflv.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: MessageSend$Window$Create$Move$ObjectSelect$#380BaseClientDialogDrawFontIndirectInfoParametersRectReleaseSystemTextUnits
                                                                                                                                • String ID: BUTTON$Close$EDIT$Failed to execute script '%ls' due to unhandled exception: %ls$STATIC
                                                                                                                                • API String ID: 2446303242-1601438679
                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                Similarity
                                                                                                                                • API ID: _invalid_parameter_noinfo$memcpy_s$fegetenv
                                                                                                                                • String ID: 1#IND$1#INF$1#QNAN$1#SNAN
                                                                                                                                • API String ID: 808467561-2761157908
                                                                                                                                APIs
                                                                                                                                • GetLastError.KERNEL32(00000000,00007FF6E3772A5E,?,?,?,?,?,?,?,?,?,?,?,00007FF6E377101D), ref: 00007FF6E3778587
                                                                                                                                • FormatMessageW.KERNEL32 ref: 00007FF6E37785B6
                                                                                                                                • WideCharToMultiByte.KERNEL32 ref: 00007FF6E377860C
                                                                                                                                  • Part of subcall function 00007FF6E37729E0: GetLastError.KERNEL32(00000000,00000000,00000000,00007FF6E37787F2,?,?,?,?,?,?,?,?,?,?,?,00007FF6E377101D), ref: 00007FF6E3772A14
                                                                                                                                  • Part of subcall function 00007FF6E37729E0: MessageBoxW.USER32 ref: 00007FF6E3772AF0
                                                                                                                                Strings
                                                                                                                                Similarity
                                                                                                                                • API ID: ErrorLastMessage$ByteCharFormatMultiWide
                                                                                                                                • String ID: Failed to encode wchar_t as UTF-8.$FormatMessageW$No error messages generated.$PyInstaller: FormatMessageW failed.$PyInstaller: pyi_win32_utils_to_utf8 failed.$WideCharToMultiByte
                                                                                                                                • API String ID: 2920928814-2573406579
                                                                                                                                APIs
                                                                                                                                Similarity
                                                                                                                                • API ID: ExceptionFilterPresentUnhandled$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 3140674995-0
                                                                                                                                APIs
                                                                                                                                Similarity
                                                                                                                                • API ID: ExceptionFilterUnhandled$CaptureContextDebuggerEntryFunctionLookupPresentUnwindVirtual
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 1239891234-0
                                                                                                                                APIs
                                                                                                                                Similarity
                                                                                                                                • API ID: FileFindFirst_invalid_parameter_noinfo
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 2227656907-0
                                                                                                                                APIs
                                                                                                                                Similarity
                                                                                                                                • API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 2933794660-0
                                                                                                                                APIs
                                                                                                                                Similarity
                                                                                                                                • API ID: memcpy_s
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 1502251526-0
                                                                                                                                APIs
                                                                                                                                Similarity
                                                                                                                                • API ID: ExceptionRaise_clrfp
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 15204871-0
                                                                                                                                APIs
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2933062987.00007FF6E3771000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E3770000, based on PE: true
                                                                                                                                Similarity
                                                                                                                                • API ID: Find$CloseFileFirst
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 2295610775-0
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2933062987.00007FF6E3771000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E3770000, based on PE: true
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: $
                                                                                                                                • API String ID: 0-227171996
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2933062987.00007FF6E3771000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E3770000, based on PE: true
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: e+000$gfff
                                                                                                                                • API String ID: 0-3030954782
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2933062987.00007FF6E3771000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E3770000, based on PE: true
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: gfffffff
                                                                                                                                • API String ID: 0-1523873471
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2933062987.00007FF6E3771000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E3770000, based on PE: true
                                                                                                                                Similarity
                                                                                                                                • API ID: _invalid_parameter_noinfo
                                                                                                                                • String ID: TMP
                                                                                                                                • API String ID: 3215553584-3125297090
                                                                                                                                APIs
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2933062987.00007FF6E3771000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E3770000, based on PE: true
                                                                                                                                Similarity
                                                                                                                                • API ID: HeapProcess
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 54951025-0
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2933062987.00007FF6E3771000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E3770000, based on PE: true
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2933062987.00007FF6E3771000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E3770000, based on PE: true
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2933062987.00007FF6E3771000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E3770000, based on PE: true
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2933062987.00007FF6E3771000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E3770000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2933041440.00007FF6E3770000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2933094603.00007FF6E379B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2933116965.00007FF6E37AE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2933116965.00007FF6E37B0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2933155107.00007FF6E37B2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_7ff6e3770000_3OQL58yflv.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 41de09fd609196546d8b05baa0994189bc53ea50dddfb86cdccda31fca7eba1c
                                                                                                                                • Instruction ID: 2414b69e3da6e5fe7c091ce7e48f96146f37d40d7e09edf507b22695133a54dc
                                                                                                                                • Opcode Fuzzy Hash: 41de09fd609196546d8b05baa0994189bc53ea50dddfb86cdccda31fca7eba1c
                                                                                                                                • Instruction Fuzzy Hash: 7A81F373A0C79146EB748B19948237ABE91FB857D4F044235DA8DA3F89DF3ED0508B09
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2933062987.00007FF6E3771000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E3770000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2933041440.00007FF6E3770000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2933094603.00007FF6E379B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2933116965.00007FF6E37AE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2933116965.00007FF6E37B0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2933155107.00007FF6E37B2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_7ff6e3770000_3OQL58yflv.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: _invalid_parameter_noinfo
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 3215553584-0
                                                                                                                                Similarity
                                                                                                                                • API ID: ErrorFreeHeapLast
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 485612231-0
                                                                                                                                Similarity
                                                                                                                                • API ID: AddressProc
                                                                                                                                • String ID: Failed to get address for Tcl_Alloc$Failed to get address for Tcl_ConditionFinalize$Failed to get address for Tcl_ConditionNotify$Failed to get address for Tcl_ConditionWait$Failed to get address for Tcl_CreateInterp$Failed to get address for Tcl_CreateObjCommand$Failed to get address for Tcl_CreateThread$Failed to get address for Tcl_DeleteInterp$Failed to get address for Tcl_DoOneEvent$Failed to get address for Tcl_EvalEx$Failed to get address for Tcl_EvalFile$Failed to get address for Tcl_EvalObjv$Failed to get address for Tcl_Finalize$Failed to get address for Tcl_FinalizeThread$Failed to get address for Tcl_FindExecutable$Failed to get address for Tcl_Free$Failed to get address for Tcl_GetCurrentThread$Failed to get address for Tcl_GetObjResult$Failed to get address for Tcl_GetString$Failed to get address for Tcl_GetVar2$Failed to get address for Tcl_Init$Failed to get address for Tcl_MutexLock$Failed to get address for Tcl_MutexUnlock$Failed to get address for Tcl_NewByteArrayObj$Failed to get address for Tcl_NewStringObj$Failed to get address for Tcl_SetVar2$Failed to get address for Tcl_SetVar2Ex$Failed to get address for Tcl_ThreadAlert$Failed to get address for Tcl_ThreadQueueEvent$Failed to get address for Tk_GetNumMainWindows$Failed to get address for Tk_Init$GetProcAddress$Tcl_Alloc$Tcl_ConditionFinalize$Tcl_ConditionNotify$Tcl_ConditionWait$Tcl_CreateInterp$Tcl_CreateObjCommand$Tcl_CreateThread$Tcl_DeleteInterp$Tcl_DoOneEvent$Tcl_EvalEx$Tcl_EvalFile$Tcl_EvalObjv$Tcl_Finalize$Tcl_FinalizeThread$Tcl_FindExecutable$Tcl_Free$Tcl_GetCurrentThread$Tcl_GetObjResult$Tcl_GetString$Tcl_GetVar2$Tcl_Init$Tcl_MutexLock$Tcl_MutexUnlock$Tcl_NewByteArrayObj$Tcl_NewStringObj$Tcl_SetVar2$Tcl_SetVar2Ex$Tcl_ThreadAlert$Tcl_ThreadQueueEvent$Tk_GetNumMainWindows$Tk_Init
                                                                                                                                • API String ID: 190572456-2208601799
                                                                                                                                Similarity
                                                                                                                                • API ID: Message_fread_nolock
                                                                                                                                • String ID: %s%c%s$Failed to extract %s: failed to allocate data buffer (%u bytes)!$Failed to extract %s: failed to open archive file!$Failed to extract %s: failed to read data chunk!$Failed to extract %s: failed to seek to the entry's data!$\$fread$fseek$malloc
                                                                                                                                • API String ID: 3065259568-2316137593
                                                                                                                                Similarity
                                                                                                                                • API ID: MoveWindow$ObjectSelect$DrawReleaseText
                                                                                                                                • String ID: P%
                                                                                                                                • API String ID: 2147705588-2959514604
                                                                                                                                Similarity
                                                                                                                                • API ID: _invalid_parameter_noinfo
                                                                                                                                • String ID: -$:$f$p$p
                                                                                                                                • API String ID: 3215553584-2013873522
                                                                                                                                Similarity
                                                                                                                                • API ID: _invalid_parameter_noinfo
                                                                                                                                • String ID: f$f$p$p$f
                                                                                                                                • API String ID: 3215553584-1325933183
                                                                                                                                • Opcode ID: 7160b50ef5c5d9843a5fd5f0d5cd643ebb1f382f7049b3f2f81a6a7c29ab944c
                                                                                                                                • Instruction ID: dcabadaaffc9fbb8dd8d644d5645132ae4b90596ecd5962ed857f863ed512070
                                                                                                                                • Opcode Fuzzy Hash: 7160b50ef5c5d9843a5fd5f0d5cd643ebb1f382f7049b3f2f81a6a7c29ab944c
                                                                                                                                • Instruction Fuzzy Hash: 4C129163E0C1E386FF609A15E0167B97B51EB40750F944139E69AE66C4DF3EE4A0CB0E
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2933062987.00007FF6E3771000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E3770000, based on PE: true
                                                                                                                                Similarity
                                                                                                                                • API ID: Message
                                                                                                                                • String ID: Failed to extract %s: failed to allocate data buffer (%u bytes)!$Failed to extract %s: failed to open archive file!$Failed to extract %s: failed to read data chunk!$Failed to extract %s: failed to seek to the entry's data!$fread$fseek$malloc
                                                                                                                                • API String ID: 2030045667-3659356012
                                                                                                                                • Opcode ID: 60800b8341f6ed6232bf3c08ce047e3bb6bf7a72e4122de6b6d496988eda1446
                                                                                                                                • Instruction ID: 954c670670df018faa24c078c485b5e9cb15c64ca3c2f0ed84a213df60ecfa4b
                                                                                                                                • Opcode Fuzzy Hash: 60800b8341f6ed6232bf3c08ce047e3bb6bf7a72e4122de6b6d496988eda1446
                                                                                                                                • Instruction Fuzzy Hash: C631D623B0864385EE20DB11A4027BA7B50FF047C4F484131DE4DE7A95EE3EE465870E
                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2933062987.00007FF6E3771000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E3770000, based on PE: true
                                                                                                                                Similarity
                                                                                                                                • API ID: BlockFrameHandler3::Unwind$CatchExecutionHandlerIs_bad_exception_allowedSearchStatestd::bad_alloc::bad_alloc
                                                                                                                                • String ID: csm$csm$csm
                                                                                                                                • API String ID: 849930591-393685449
                                                                                                                                • Opcode ID: 2b2a4badfdaa60d9abfb93841dcb65d735c0fc58e4118d1b5c2a51383b6331b7
                                                                                                                                • Instruction ID: f4eec78473ee346509a6e3d7c15cafb28b3114ae4d8f8a18afbc84aa68ee261d
                                                                                                                                • Opcode Fuzzy Hash: 2b2a4badfdaa60d9abfb93841dcb65d735c0fc58e4118d1b5c2a51383b6331b7
                                                                                                                                • Instruction Fuzzy Hash: 80E19E33A0874186EF609B2594423AD7BA0FB857C9F100535EE4DA7F95CF39E1A1C70A
                                                                                                                                APIs
                                                                                                                                • FreeLibrary.KERNEL32(?,?,?,00007FF6E378F56A,?,?,000002C5B136AB08,00007FF6E378B317,?,?,?,00007FF6E378B20E,?,?,?,00007FF6E3786452), ref: 00007FF6E378F34C
                                                                                                                                • GetProcAddress.KERNEL32(?,?,?,00007FF6E378F56A,?,?,000002C5B136AB08,00007FF6E378B317,?,?,?,00007FF6E378B20E,?,?,?,00007FF6E3786452), ref: 00007FF6E378F358
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2933062987.00007FF6E3771000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E3770000, based on PE: true
                                                                                                                                Similarity
                                                                                                                                • API ID: AddressFreeLibraryProc
                                                                                                                                • String ID: api-ms-$ext-ms-
                                                                                                                                • API String ID: 3013587201-537541572
                                                                                                                                • Opcode ID: d2429d82f74935346a71535361e23a0a0fd68cfa18870ede5d154c99e1daa8a5
                                                                                                                                • Instruction ID: dec55fd5d16d44a2ecaa3331adc54e65434331e4fd0010a488a0842579bfb1b3
                                                                                                                                • Opcode Fuzzy Hash: d2429d82f74935346a71535361e23a0a0fd68cfa18870ede5d154c99e1daa8a5
                                                                                                                                • Instruction Fuzzy Hash: A641F223B19A1241EE15CB16E8067793A91BF48BA0F594135DD0DF7B84EE3EE469C30E
                                                                                                                                APIs
                                                                                                                                • WideCharToMultiByte.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00007FF6E377101D), ref: 00007FF6E3778747
                                                                                                                                • WideCharToMultiByte.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00007FF6E377101D), ref: 00007FF6E377879E
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2933062987.00007FF6E3771000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E3770000, based on PE: true
                                                                                                                                Similarity
                                                                                                                                • API ID: ByteCharMultiWide
                                                                                                                                • String ID: Failed to encode wchar_t as UTF-8.$Failed to get UTF-8 buffer size.$Out of memory.$WideCharToMultiByte$win32_utils_to_utf8
                                                                                                                                • API String ID: 626452242-27947307
                                                                                                                                • Opcode ID: 3d8cc197ee630c3fb00dd31b72f24074ca9fe52add05c6a83a64952da4f63ba4
                                                                                                                                • Instruction ID: b75b614b4252bbb24cac8a2b66d4cc07a37116682ad7bc97b241c66c8b1373f6
                                                                                                                                • Opcode Fuzzy Hash: 3d8cc197ee630c3fb00dd31b72f24074ca9fe52add05c6a83a64952da4f63ba4
                                                                                                                                • Instruction Fuzzy Hash: AA418433A08B9282DA20CF55F84227ABAA1FB44790F544139DA8DA7B94DF3DD465C70D
                                                                                                                                APIs
                                                                                                                                • WideCharToMultiByte.KERNEL32(?,00007FF6E37739EA), ref: 00007FF6E3778C31
                                                                                                                                  • Part of subcall function 00007FF6E37729E0: GetLastError.KERNEL32(00000000,00000000,00000000,00007FF6E37787F2,?,?,?,?,?,?,?,?,?,?,?,00007FF6E377101D), ref: 00007FF6E3772A14
                                                                                                                                  • Part of subcall function 00007FF6E37729E0: MessageBoxW.USER32 ref: 00007FF6E3772AF0
                                                                                                                                • WideCharToMultiByte.KERNEL32(?,00007FF6E37739EA), ref: 00007FF6E3778CA5
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2933062987.00007FF6E3771000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E3770000, based on PE: true
                                                                                                                                Similarity
                                                                                                                                • API ID: ByteCharMultiWide$ErrorLastMessage
                                                                                                                                • String ID: Failed to encode wchar_t as UTF-8.$Failed to get UTF-8 buffer size.$Out of memory.$WideCharToMultiByte$win32_utils_to_utf8
                                                                                                                                • API String ID: 3723044601-27947307
                                                                                                                                • Opcode ID: 93215b2962e715be9f5aa91d99be70836a612e16585fb8aee950a2577366c4a3
                                                                                                                                • Instruction ID: 53b99924ae531097f65afda40ab901f44fb5525a230214379a9ea3a82dc80411
                                                                                                                                • Opcode Fuzzy Hash: 93215b2962e715be9f5aa91d99be70836a612e16585fb8aee950a2577366c4a3
                                                                                                                                • Instruction Fuzzy Hash: 8B217133A09B42D5EE10DF16E8422797AE1EB84B80F584236D64DA3794EF3DE521834D
                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2933062987.00007FF6E3771000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E3770000, based on PE: true
                                                                                                                                Similarity
                                                                                                                                • API ID: _invalid_parameter_noinfo$_fread_nolock
                                                                                                                                • String ID: %s%c%s$ERROR: file already exists but should not: %s$PYINSTALLER_STRICT_UNPACK_MODE$WARNING: file already exists but should not: %s$\
                                                                                                                                • API String ID: 3231891352-3501660386
                                                                                                                                • Opcode ID: 755b687bb57b6196ddf589ec1dc1e09ba6bb635f149e2384a6072683996534de
                                                                                                                                • Instruction ID: 7a26559daaf99184cf45a44a805fd0e965d3aa0b047284dcfc62e3abe724083d
                                                                                                                                • Opcode Fuzzy Hash: 755b687bb57b6196ddf589ec1dc1e09ba6bb635f149e2384a6072683996534de
                                                                                                                                • Instruction Fuzzy Hash: 0951AF23A0D68341FE209B2599433F97A91DF85BD1F444134E90DE76DAEE6FE421838E
                                                                                                                                APIs
                                                                                                                                  • Part of subcall function 00007FF6E3778AE0: MultiByteToWideChar.KERNEL32(?,?,?,?,?,00007FF6E3772ABB), ref: 00007FF6E3778B1A
                                                                                                                                • ExpandEnvironmentStringsW.KERNEL32(00000000,00007FF6E37779A1,00000000,?,00000000,00000000,?,00007FF6E377154F), ref: 00007FF6E377747F
                                                                                                                                  • Part of subcall function 00007FF6E3772B30: MessageBoxW.USER32 ref: 00007FF6E3772C05
                                                                                                                                Strings
                                                                                                                                • LOADER: Failed to expand environment variables in the runtime-tmpdir., xrefs: 00007FF6E3777493
                                                                                                                                • LOADER: Failed to obtain the absolute path of the runtime-tmpdir., xrefs: 00007FF6E37774DA
                                                                                                                                • LOADER: Failed to convert runtime-tmpdir to a wide string., xrefs: 00007FF6E3777456
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2933062987.00007FF6E3771000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E3770000, based on PE: true
                                                                                                                                Similarity
                                                                                                                                • API ID: ByteCharEnvironmentExpandMessageMultiStringsWide
                                                                                                                                • String ID: LOADER: Failed to convert runtime-tmpdir to a wide string.$LOADER: Failed to expand environment variables in the runtime-tmpdir.$LOADER: Failed to obtain the absolute path of the runtime-tmpdir.
                                                                                                                                • API String ID: 1662231829-3498232454
                                                                                                                                • Opcode ID: 5e8575f0beacdb372a81e9debe9bb6d766e8e255e7029f60019f70bf69282784
                                                                                                                                • Instruction ID: 67021632f7ed7ff82076ee2948aee17e0e77631bb7d2aca09272f9b927526de1
                                                                                                                                • Opcode Fuzzy Hash: 5e8575f0beacdb372a81e9debe9bb6d766e8e255e7029f60019f70bf69282784
                                                                                                                                • Instruction Fuzzy Hash: 7D31CA13B1C78240FE209B15D5573BA7991EF587C1F440431DA4EE27D6FD2EE124860E
                                                                                                                                APIs
                                                                                                                                • LoadLibraryExW.KERNEL32(?,?,?,00007FF6E377E06A,?,?,?,00007FF6E377DD5C,?,?,00000001,00007FF6E377D979), ref: 00007FF6E377DE3D
                                                                                                                                • GetLastError.KERNEL32(?,?,?,00007FF6E377E06A,?,?,?,00007FF6E377DD5C,?,?,00000001,00007FF6E377D979), ref: 00007FF6E377DE4B
                                                                                                                                • LoadLibraryExW.KERNEL32(?,?,?,00007FF6E377E06A,?,?,?,00007FF6E377DD5C,?,?,00000001,00007FF6E377D979), ref: 00007FF6E377DE75
                                                                                                                                • FreeLibrary.KERNEL32(?,?,?,00007FF6E377E06A,?,?,?,00007FF6E377DD5C,?,?,00000001,00007FF6E377D979), ref: 00007FF6E377DEBB
                                                                                                                                • GetProcAddress.KERNEL32(?,?,?,00007FF6E377E06A,?,?,?,00007FF6E377DD5C,?,?,00000001,00007FF6E377D979), ref: 00007FF6E377DEC7
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2933062987.00007FF6E3771000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E3770000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2933041440.00007FF6E3770000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                • Associated: 00000000.00000002.2933094603.00007FF6E379B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                • Associated: 00000000.00000002.2933116965.00007FF6E37AE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                • Associated: 00000000.00000002.2933116965.00007FF6E37B0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                • Associated: 00000000.00000002.2933155107.00007FF6E37B2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_7ff6e3770000_3OQL58yflv.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: Library$Load$AddressErrorFreeLastProc
                                                                                                                                • String ID: api-ms-
                                                                                                                                • API String ID: 2559590344-2084034818
                                                                                                                                APIs
                                                                                                                                • MultiByteToWideChar.KERNEL32(?,?,?,?,?,00007FF6E3772ABB), ref: 00007FF6E3778B1A
                                                                                                                                  • Part of subcall function 00007FF6E37729E0: GetLastError.KERNEL32(00000000,00000000,00000000,00007FF6E37787F2,?,?,?,?,?,?,?,?,?,?,?,00007FF6E377101D), ref: 00007FF6E3772A14
                                                                                                                                  • Part of subcall function 00007FF6E37729E0: MessageBoxW.USER32 ref: 00007FF6E3772AF0
                                                                                                                                • MultiByteToWideChar.KERNEL32(?,?,?,?,?,00007FF6E3772ABB), ref: 00007FF6E3778BA0
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2933062987.00007FF6E3771000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E3770000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_7ff6e3770000_3OQL58yflv.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: ByteCharMultiWide$ErrorLastMessage
                                                                                                                                • String ID: Failed to decode wchar_t from UTF-8$Failed to get wchar_t buffer size.$MultiByteToWideChar$Out of memory.$win32_utils_from_utf8
                                                                                                                                • API String ID: 3723044601-876015163
                                                                                                                                APIs
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2933062987.00007FF6E3771000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E3770000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_7ff6e3770000_3OQL58yflv.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: Value$ErrorLast
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 2506987500-0
                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2933062987.00007FF6E3771000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E3770000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_7ff6e3770000_3OQL58yflv.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast
                                                                                                                                • String ID: CONOUT$
                                                                                                                                • API String ID: 3230265001-3130406586
                                                                                                                                APIs
                                                                                                                                • GetLastError.KERNEL32(?,?,?,00007FF6E37854CD,?,?,?,?,00007FF6E378F1BF,?,?,00000000,00007FF6E378B9A6,?,?,?), ref: 00007FF6E378B897
                                                                                                                                • FlsSetValue.KERNEL32(?,?,?,00007FF6E37854CD,?,?,?,?,00007FF6E378F1BF,?,?,00000000,00007FF6E378B9A6,?,?,?), ref: 00007FF6E378B8CD
                                                                                                                                • FlsSetValue.KERNEL32(?,?,?,00007FF6E37854CD,?,?,?,?,00007FF6E378F1BF,?,?,00000000,00007FF6E378B9A6,?,?,?), ref: 00007FF6E378B8FA
                                                                                                                                • FlsSetValue.KERNEL32(?,?,?,00007FF6E37854CD,?,?,?,?,00007FF6E378F1BF,?,?,00000000,00007FF6E378B9A6,?,?,?), ref: 00007FF6E378B90B
                                                                                                                                • FlsSetValue.KERNEL32(?,?,?,00007FF6E37854CD,?,?,?,?,00007FF6E378F1BF,?,?,00000000,00007FF6E378B9A6,?,?,?), ref: 00007FF6E378B91C
                                                                                                                                • SetLastError.KERNEL32(?,?,?,00007FF6E37854CD,?,?,?,?,00007FF6E378F1BF,?,?,00000000,00007FF6E378B9A6,?,?,?), ref: 00007FF6E378B937
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2933062987.00007FF6E3771000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E3770000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_7ff6e3770000_3OQL58yflv.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: Value$ErrorLast
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 2506987500-0
                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2933062987.00007FF6E3771000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E3770000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_7ff6e3770000_3OQL58yflv.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: CurrentImageNonwritableUnwind__except_validate_context_record
                                                                                                                                • String ID: csm$f
                                                                                                                                • API String ID: 2395640692-629598281
                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2933062987.00007FF6E3771000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E3770000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_7ff6e3770000_3OQL58yflv.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: DeleteDestroyDialogHandleIconIndirectModuleObjectParam
                                                                                                                                • String ID: Unhandled exception in script
                                                                                                                                • API String ID: 3081866767-2699770090
                                                                                                                                APIs
                                                                                                                                • GetLastError.KERNEL32(00000000,00000000,00000000,00007FF6E37787F2,?,?,?,?,?,?,?,?,?,?,?,00007FF6E377101D), ref: 00007FF6E3772A14
                                                                                                                                  • Part of subcall function 00007FF6E3778560: GetLastError.KERNEL32(00000000,00007FF6E3772A5E,?,?,?,?,?,?,?,?,?,?,?,00007FF6E377101D), ref: 00007FF6E3778587
                                                                                                                                  • Part of subcall function 00007FF6E3778560: FormatMessageW.KERNEL32 ref: 00007FF6E37785B6
                                                                                                                                  • Part of subcall function 00007FF6E3778AE0: MultiByteToWideChar.KERNEL32(?,?,?,?,?,00007FF6E3772ABB), ref: 00007FF6E3778B1A
                                                                                                                                • MessageBoxW.USER32 ref: 00007FF6E3772AF0
                                                                                                                                • MessageBoxA.USER32 ref: 00007FF6E3772B0C
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2933062987.00007FF6E3771000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E3770000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_7ff6e3770000_3OQL58yflv.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: Message$ErrorLast$ByteCharFormatMultiWide
                                                                                                                                • String ID: %s%s: %s$Fatal error detected
                                                                                                                                • API String ID: 2806210788-2410924014
                                                                                                                                • Opcode ID: c01ac0bbfceecfac493be67ae1d6a2211250b6a817a0c50f994bc812b65e1c92
                                                                                                                                • Instruction ID: dab5d6b5b5eac5b5fecf2f0db9b70f7b404800de46b9ba351ffdb3d4d6b4745b
                                                                                                                                • Opcode Fuzzy Hash: c01ac0bbfceecfac493be67ae1d6a2211250b6a817a0c50f994bc812b65e1c92
                                                                                                                                • Instruction Fuzzy Hash: C831A67362868591EA30DB10E4427EA7BA4FF847C4F404136E68DA3A99DF3DD215CB4D
                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                Similarity
                                                                                                                                • API ID: AddressFreeHandleLibraryModuleProc
                                                                                                                                • String ID: CorExitProcess$mscoree.dll
                                                                                                                                • API String ID: 4061214504-1276376045
                                                                                                                                • Opcode ID: bbe3d75c1d18d9b252fc65a249d413b32bc9fbcf71b4c61f8ce4d80949566840
                                                                                                                                • Instruction ID: 3f9370e12f9e84d1b55a821b412b6001f190ac0c790ab47c99491469b8cef4c1
                                                                                                                                • Opcode Fuzzy Hash: bbe3d75c1d18d9b252fc65a249d413b32bc9fbcf71b4c61f8ce4d80949566840
                                                                                                                                • Instruction Fuzzy Hash: 38F0AF22A0860681EF508F24E8463797B60EF887A1F540335C5AE961E4DF2ED098C30E
                                                                                                                                APIs
                                                                                                                                Similarity
                                                                                                                                • API ID: _set_statfp
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 1156100317-0
                                                                                                                                • Opcode ID: a62d4fcbb0970871e45180a1f834c32a3c4d190302dd8db61346826940fa499d
                                                                                                                                • Instruction ID: d791576840cf3554430a7292a0c69b5a0a6b3b80c51ee703a7db7d58481ad49b
                                                                                                                                • Opcode Fuzzy Hash: a62d4fcbb0970871e45180a1f834c32a3c4d190302dd8db61346826940fa499d
                                                                                                                                • Instruction Fuzzy Hash: 43111C63E18A0301FF541979A94737528D06F5F360E061B34E96EA62DADE2EAC60420E
                                                                                                                                APIs
                                                                                                                                • FlsGetValue.KERNEL32(?,?,?,00007FF6E378AB67,?,?,00000000,00007FF6E378AE02,?,?,?,?,?,00007FF6E37830CC), ref: 00007FF6E378B96F
                                                                                                                                • FlsSetValue.KERNEL32(?,?,?,00007FF6E378AB67,?,?,00000000,00007FF6E378AE02,?,?,?,?,?,00007FF6E37830CC), ref: 00007FF6E378B98E
                                                                                                                                • FlsSetValue.KERNEL32(?,?,?,00007FF6E378AB67,?,?,00000000,00007FF6E378AE02,?,?,?,?,?,00007FF6E37830CC), ref: 00007FF6E378B9B6
                                                                                                                                • FlsSetValue.KERNEL32(?,?,?,00007FF6E378AB67,?,?,00000000,00007FF6E378AE02,?,?,?,?,?,00007FF6E37830CC), ref: 00007FF6E378B9C7
                                                                                                                                • FlsSetValue.KERNEL32(?,?,?,00007FF6E378AB67,?,?,00000000,00007FF6E378AE02,?,?,?,?,?,00007FF6E37830CC), ref: 00007FF6E378B9D8
                                                                                                                                Similarity
                                                                                                                                • API ID: Value
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 3702945584-0
                                                                                                                                • Opcode ID: 4fc6ccaa14371e387e5c22fb95057e46c3ade10dd54edcd3ce0e48e5b46d1de5
                                                                                                                                • Instruction ID: 2a8c826610641a92734516a44df32bb4524680a8734b1cd0a84fb060526c0025
                                                                                                                                • Opcode Fuzzy Hash: 4fc6ccaa14371e387e5c22fb95057e46c3ade10dd54edcd3ce0e48e5b46d1de5
                                                                                                                                • Instruction Fuzzy Hash: 58116D22B0966281FE589726E9533397D415F843B0F144334E87DE67C6DE2EF462860F
                                                                                                                                APIs
                                                                                                                                Similarity
                                                                                                                                • API ID: Value
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 3702945584-0
                                                                                                                                • Opcode ID: 64fe73475c7f3c5e3ff0e30dd8e21900901c314ca9004384e47b330d372873f3
                                                                                                                                • Instruction ID: 89e6b92816658c021937ede99448dab542ba11c8f588ffeb2a1b66faeb059267
                                                                                                                                • Opcode Fuzzy Hash: 64fe73475c7f3c5e3ff0e30dd8e21900901c314ca9004384e47b330d372873f3
                                                                                                                                • Instruction Fuzzy Hash: C4111C12E0922741FE58663198133793D419F85370E140B34D93DE96D3EE2EB421964F
                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                Similarity
                                                                                                                                • API ID: _invalid_parameter_noinfo
                                                                                                                                • String ID: verbose
                                                                                                                                • API String ID: 3215553584-579935070
                                                                                                                                • Opcode ID: ad3fface7d4b2ce3aa9510f497705372120eac90acd968bb25d3a192cbea6c12
                                                                                                                                • Instruction ID: 59354553bebf2fdd16239183612994d98ee0bfda8b129ba2d8182606951fe489
                                                                                                                                • Opcode Fuzzy Hash: ad3fface7d4b2ce3aa9510f497705372120eac90acd968bb25d3a192cbea6c12
                                                                                                                                • Instruction Fuzzy Hash: D791E023A0C6A691FF618E25E41237D3BA0AB00B54F464136DB5DE73C5DE3EE821834E
                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                Similarity
                                                                                                                                • API ID: _invalid_parameter_noinfo
                                                                                                                                • String ID: UTF-16LEUNICODE$UTF-8$ccs
                                                                                                                                • API String ID: 3215553584-1196891531
                                                                                                                                • Opcode ID: 1a54e2a2b62d6839c513ace75884cea9e48035532f3c44be9a18c4b4dcf643eb
                                                                                                                                • Instruction ID: c7972bb5d303296bddd15aff167160c8b650046477580d480d390dedc647dbe2
                                                                                                                                • Opcode Fuzzy Hash: 1a54e2a2b62d6839c513ace75884cea9e48035532f3c44be9a18c4b4dcf643eb
                                                                                                                                • Instruction Fuzzy Hash: 3881B377E2860285FE644F2585163783EA0AB10B94F5742B8CA09F7295CF2FE4619A4F
                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                Similarity
                                                                                                                                • API ID: CallEncodePointerTranslator
                                                                                                                                • String ID: MOC$RCC
                                                                                                                                • API String ID: 3544855599-2084237596
                                                                                                                                • Opcode ID: 37ce56c1d967fba8f41503b71a699ba51a6fbc199d8f022e66d4a2d7a57293db
                                                                                                                                • Instruction ID: 2859b1deb376b342b7e7fae6e98eb3cf2e10353eeafa18382865d6174ca143e0
                                                                                                                                • Opcode Fuzzy Hash: 37ce56c1d967fba8f41503b71a699ba51a6fbc199d8f022e66d4a2d7a57293db
                                                                                                                                • Instruction Fuzzy Hash: CE619C33A08B458AEB10CF65D5813AD7BA0FB48B99F044225EF4D67B94DF39E064C709
                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                Similarity
                                                                                                                                • API ID: Frame$EmptyHandler3::StateUnwind__except_validate_context_record
                                                                                                                                • String ID: csm$csm
                                                                                                                                • API String ID: 3896166516-3733052814
                                                                                                                                • Opcode ID: 80d5d2ed719ea387a00afc8e5c38e85421d4b0de11d669121429011e6c75d481
                                                                                                                                • Instruction ID: f1bd481ba6098fc96f5d94981d81b5e5af8bab3cefd82c25332a2a2037e73ea9
                                                                                                                                • Opcode Fuzzy Hash: 80d5d2ed719ea387a00afc8e5c38e85421d4b0de11d669121429011e6c75d481
                                                                                                                                • Instruction Fuzzy Hash: 16518E3390828286EE648F25D6463787BA0EF45B96F144135DA9CA7BD5CF3DE460CB0E
                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2933062987.00007FF6E3771000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E3770000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2933041440.00007FF6E3770000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                • Associated: 00000000.00000002.2933094603.00007FF6E379B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                • Associated: 00000000.00000002.2933116965.00007FF6E37AE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                • Associated: 00000000.00000002.2933116965.00007FF6E37B0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                • Associated: 00000000.00000002.2933155107.00007FF6E37B2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                Similarity
                                                                                                                                • API ID: Message$ByteCharMultiWide
                                                                                                                                • String ID: %s%s: %s$Fatal error detected
                                                                                                                                • API String ID: 1878133881-2410924014
                                                                                                                                APIs
                                                                                                                                • GetModuleFileNameW.KERNEL32(?,00007FF6E37739EA), ref: 00007FF6E3773EF1
                                                                                                                                  • Part of subcall function 00007FF6E37729E0: GetLastError.KERNEL32(00000000,00000000,00000000,00007FF6E37787F2,?,?,?,?,?,?,?,?,?,?,?,00007FF6E377101D), ref: 00007FF6E3772A14
                                                                                                                                  • Part of subcall function 00007FF6E37729E0: MessageBoxW.USER32 ref: 00007FF6E3772AF0
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2933062987.00007FF6E3771000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E3770000, based on PE: true
                                                                                                                                Similarity
                                                                                                                                • API ID: ErrorFileLastMessageModuleName
                                                                                                                                • String ID: Failed to convert executable path to UTF-8.$Failed to get executable path.$GetModuleFileNameW
                                                                                                                                • API String ID: 2581892565-1977442011
                                                                                                                                APIs
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2933062987.00007FF6E3771000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E3770000, based on PE: true
                                                                                                                                Similarity
                                                                                                                                • API ID: FileWrite$ConsoleErrorLastOutput
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 2718003287-0
                                                                                                                                APIs
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2933062987.00007FF6E3771000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E3770000, based on PE: true
                                                                                                                                Similarity
                                                                                                                                • API ID: LongWindow$DialogInvalidateRect
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 1956198572-0
                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2933062987.00007FF6E3771000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E3770000, based on PE: true
                                                                                                                                Similarity
                                                                                                                                • API ID: _get_daylight$_invalid_parameter_noinfo
                                                                                                                                • String ID: ?
                                                                                                                                • API String ID: 1286766494-1684325040
                                                                                                                                APIs
                                                                                                                                • _invalid_parameter_noinfo.LIBCMT ref: 00007FF6E37895D6
                                                                                                                                  • Part of subcall function 00007FF6E378AF0C: RtlFreeHeap.NTDLL(?,?,?,00007FF6E3793392,?,?,?,00007FF6E37933CF,?,?,00000000,00007FF6E3793895,?,?,00000000,00007FF6E37937C7), ref: 00007FF6E378AF22
                                                                                                                                  • Part of subcall function 00007FF6E378AF0C: GetLastError.KERNEL32(?,?,?,00007FF6E3793392,?,?,?,00007FF6E37933CF,?,?,00000000,00007FF6E3793895,?,?,00000000,00007FF6E37937C7), ref: 00007FF6E378AF2C
                                                                                                                                • GetModuleFileNameW.KERNEL32(?,?,?,?,?,00007FF6E377BFE5), ref: 00007FF6E37895F4
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2933062987.00007FF6E3771000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E3770000, based on PE: true
                                                                                                                                Similarity
                                                                                                                                • API ID: ErrorFileFreeHeapLastModuleName_invalid_parameter_noinfo
                                                                                                                                • String ID: C:\Users\user\Desktop\3OQL58yflv.exe
                                                                                                                                • API String ID: 3580290477-3060527791
                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2933062987.00007FF6E3771000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E3770000, based on PE: true
                                                                                                                                Similarity
                                                                                                                                • API ID: ErrorFileLastWrite
                                                                                                                                • String ID: U
                                                                                                                                • API String ID: 442123175-4171548499
                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2933062987.00007FF6E3771000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E3770000, based on PE: true
                                                                                                                                Similarity
                                                                                                                                • API ID: CurrentDirectory
                                                                                                                                • String ID: :
                                                                                                                                • API String ID: 1611563598-336475711
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2933062987.00007FF6E3771000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E3770000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2933041440.00007FF6E3770000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                • Associated: 00000000.00000002.2933094603.00007FF6E379B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                • Associated: 00000000.00000002.2933116965.00007FF6E37AE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                • Associated: 00000000.00000002.2933116965.00007FF6E37B0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                • Associated: 00000000.00000002.2933155107.00007FF6E37B2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_7ff6e3770000_3OQL58yflv.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: Message$ByteCharMultiWide
                                                                                                                                • String ID: Error detected
                                                                                                                                • API String ID: 1878133881-3513342764
                                                                                                                                • Opcode ID: 93d1fdc723546ae567f8218d0d5003b65100b09b9274e520b1b2c374812bf196
                                                                                                                                • Instruction ID: 1f7d251de14d8ab1183e100dec92718c1137510590ee2d4e00d701674c8d0fd3
                                                                                                                                • Opcode Fuzzy Hash: 93d1fdc723546ae567f8218d0d5003b65100b09b9274e520b1b2c374812bf196
                                                                                                                                • Instruction Fuzzy Hash: BC21D67362868691EB20DB10F4927EA7B94FF88784F805135D64DA7AA8DF3DD214C70D
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2933062987.00007FF6E3771000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E3770000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2933041440.00007FF6E3770000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                • Associated: 00000000.00000002.2933094603.00007FF6E379B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                • Associated: 00000000.00000002.2933116965.00007FF6E37AE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                • Associated: 00000000.00000002.2933116965.00007FF6E37B0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                • Associated: 00000000.00000002.2933155107.00007FF6E37B2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_7ff6e3770000_3OQL58yflv.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: Message$ByteCharMultiWide
                                                                                                                                • String ID: Fatal error detected
                                                                                                                                • API String ID: 1878133881-4025702859
                                                                                                                                • Opcode ID: 63802d79dfeaf9ba572d8d5d5ffec4a1fc362ac500ecb438f71a9def6701a566
                                                                                                                                • Instruction ID: 7e465e9d74702641955521afff8f6a1f380a54a43a3a108d7edb1b86a4dbc3f7
                                                                                                                                • Opcode Fuzzy Hash: 63802d79dfeaf9ba572d8d5d5ffec4a1fc362ac500ecb438f71a9def6701a566
                                                                                                                                • Instruction Fuzzy Hash: DF21B47362868191EB20DB10E4527EA7B94FF887C4F805135D64DA7AA4DF3DD214CB09
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2933062987.00007FF6E3771000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E3770000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2933041440.00007FF6E3770000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                • Associated: 00000000.00000002.2933094603.00007FF6E379B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                • Associated: 00000000.00000002.2933116965.00007FF6E37AE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                • Associated: 00000000.00000002.2933116965.00007FF6E37B0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                • Associated: 00000000.00000002.2933155107.00007FF6E37B2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_7ff6e3770000_3OQL58yflv.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: ExceptionFileHeaderRaise
                                                                                                                                • String ID: csm
                                                                                                                                • API String ID: 2573137834-1018135373
                                                                                                                                • Opcode ID: 010ed9957d99c3a93ebfd805af8ad73f2bfdfbf7bf3eba5be717857b77bb313e
                                                                                                                                • Instruction ID: eb2089e833b865af7ae4f3cea2efa4136bdb67da050c9443611301fe9b83ec8e
                                                                                                                                • Opcode Fuzzy Hash: 010ed9957d99c3a93ebfd805af8ad73f2bfdfbf7bf3eba5be717857b77bb313e
                                                                                                                                • Instruction Fuzzy Hash: E8113733618B4182EB608F15F5403697BA0FB88B84F584234DA8C977A9DF3DC561CB08
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2933062987.00007FF6E3771000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E3770000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2933041440.00007FF6E3770000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                • Associated: 00000000.00000002.2933094603.00007FF6E379B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                • Associated: 00000000.00000002.2933116965.00007FF6E37AE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                • Associated: 00000000.00000002.2933116965.00007FF6E37B0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                • Associated: 00000000.00000002.2933155107.00007FF6E37B2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_7ff6e3770000_3OQL58yflv.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: DriveType_invalid_parameter_noinfo
                                                                                                                                • String ID: :
                                                                                                                                • API String ID: 2595371189-336475711
                                                                                                                                • Opcode ID: d56ef0e9341907a819310a39eb36239c8511962549d77217a4abb3fc68a978d5
                                                                                                                                • Instruction ID: dcc4b8099630fec125624c577141595dec8acf1dde6d09d1957044e8eeeabe6b
                                                                                                                                • Opcode Fuzzy Hash: d56ef0e9341907a819310a39eb36239c8511962549d77217a4abb3fc68a978d5
                                                                                                                                • Instruction Fuzzy Hash: AB01DF2392820286FF20AF20942337E3BA0EF84715F810135D94CD66A1DE3EE524CA1E
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000001.00000002.2937962236.00007FFE11511000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFE11510000, based on PE: true
                                                                                                                                • Associated: 00000001.00000002.2937944561.00007FFE11510000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                • Associated: 00000001.00000002.2937979185.00007FFE11519000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                • Associated: 00000001.00000002.2938006495.00007FFE11521000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                • Associated: 00000001.00000002.2938023263.00007FFE11523000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_1_2_7ffe11510000_3OQL58yflv.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: Module_$Constant$ObjectString$Err_$DeallocExceptionFrom$Capsule_ExitFormatLongLong_MallocMem_MetaclassStartupTypeType_Unsigned
                                                                                                                                • String ID: 00000000-0000-0000-0000-000000000000$00:00:00:00:00:00$00:00:00:FF:FF:FF$90DB8B89-0D35-4F79-8CE9-49EA0AC8B7CD$A42E7CDA-D03F-480C-9CC2-A4DE20ABB878$AF_APPLETALK$AF_BLUETOOTH$AF_DECnet$AF_HYPERV$AF_INET$AF_INET6$AF_IPX$AF_IRDA$AF_LINK$AF_SNA$AF_UNSPEC$AI_ADDRCONFIG$AI_ALL$AI_CANONNAME$AI_NUMERICHOST$AI_NUMERICSERV$AI_PASSIVE$AI_V4MAPPED$BDADDR_ANY$BDADDR_LOCAL$BTPROTO_RFCOMM$CAPI$E0E16197-DD56-4A10-9195-5EE7A155A838$EAI_AGAIN$EAI_BADFLAGS$EAI_FAIL$EAI_FAMILY$EAI_MEMORY$EAI_NODATA$EAI_NONAME$EAI_SERVICE$EAI_SOCKTYPE$FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFF$HVSOCKET_ADDRESS_FLAG_PASSTHRU$HVSOCKET_CONNECTED_SUSPEND$HVSOCKET_CONNECT_TIMEOUT$HVSOCKET_CONNECT_TIMEOUT_MAX$HV_GUID_BROADCAST$HV_GUID_CHILDREN$HV_GUID_LOOPBACK$HV_GUID_PARENT$HV_GUID_WILDCARD$HV_GUID_ZERO$HV_PROTOCOL_RAW$INADDR_ALLHOSTS_GROUP$INADDR_ANY$INADDR_BROADCAST$INADDR_LOOPBACK$INADDR_MAX_LOCAL_GROUP$INADDR_NONE$INADDR_UNSPEC_GROUP$IPPORT_RESERVED$IPPORT_USERRESERVED$IPPROTO_AH$IPPROTO_CBT$IPPROTO_DSTOPTS$IPPROTO_EGP$IPPROTO_ESP$IPPROTO_FRAGMENT$IPPROTO_GGP$IPPROTO_HOPOPTS$IPPROTO_ICLFXBM$IPPROTO_ICMP$IPPROTO_ICMPV6$IPPROTO_IDP$IPPROTO_IGMP$IPPROTO_IGP$IPPROTO_IP$IPPROTO_IPV4$IPPROTO_IPV6$IPPROTO_L2TP$IPPROTO_MAX$IPPROTO_ND$IPPROTO_NONE$IPPROTO_PGM$IPPROTO_PIM$IPPROTO_PUP$IPPROTO_RAW$IPPROTO_RDP$IPPROTO_ROUTING$IPPROTO_SCTP$IPPROTO_ST$IPPROTO_TCP$IPPROTO_UDP$IPV6_CHECKSUM$IPV6_DONTFRAG$IPV6_HOPLIMIT$IPV6_HOPOPTS$IPV6_JOIN_GROUP$IPV6_LEAVE_GROUP$IPV6_MULTICAST_HOPS$IPV6_MULTICAST_IF$IPV6_MULTICAST_LOOP$IPV6_PKTINFO$IPV6_RECVRTHDR$IPV6_RECVTCLASS$IPV6_RTHDR$IPV6_TCLASS$IPV6_UNICAST_HOPS$IPV6_V6ONLY$IP_ADD_MEMBERSHIP$IP_ADD_SOURCE_MEMBERSHIP$IP_BLOCK_SOURCE$IP_DROP_MEMBERSHIP$IP_DROP_SOURCE_MEMBERSHIP$IP_HDRINCL$IP_MULTICAST_IF$IP_MULTICAST_LOOP$IP_MULTICAST_TTL$IP_OPTIONS$IP_PKTINFO$IP_RECVDSTADDR$IP_RECVTOS$IP_TOS$IP_TTL$IP_UNBLOCK_SOURCE$MSG_BCAST$MSG_CTRUNC$MSG_DONTROUT
E$MSG_ERRQUEUE$MSG_MCAST$MSG_OOB$MSG_PEEK$MSG_TRUNC$MSG_WAITALL$NI_DGRAM$NI_MAXHOST$NI_MAXSERV$NI_NAMEREQD$NI_NOFQDN$NI_NUMERICHOST$NI_NUMERICSERV$RCVALL_MAX$RCVALL_OFF$RCVALL_ON$RCVALL_SOCKETLEVELONLY$SHUT_RD$SHUT_RDWR$SHUT_WR$SIO_KEEPALIVE_VALS$SIO_LOOPBACK_FAST_PATH$SIO_RCVALL$SOCK_DGRAM$SOCK_RAW$SOCK_RDM$SOCK_SEQPACKET$SOCK_STREAM$SOL_IP$SOL_SOCKET$SOL_TCP$SOL_UDP$SOMAXCONN$SO_ACCEPTCONN$SO_BROADCAST$SO_DEBUG$SO_DONTROUTE$SO_ERROR$SO_EXCLUSIVEADDRUSE$SO_KEEPALIVE$SO_LINGER$SO_OOBINLINE$SO_RCVBUF$SO_RCVLOWAT$SO_RCVTIMEO$SO_REUSEADDR$SO_SNDBUF$SO_SNDLOWAT$SO_SNDTIMEO$SO_TYPE$SO_USELOOPBACK$SocketType$TCP_FASTOPEN$TCP_KEEPCNT$TCP_KEEPIDLE$TCP_KEEPINTVL$TCP_MAXSEG$TCP_NODELAY$WSAStartup failed: error code %d$WSAStartup failed: network not ready$WSAStartup failed: requested version not supported$_socket.CAPI$error$gaierror$has_ipv6$herror$socket.gaierror$socket.herror$timeout
                                                                                                                                • API String ID: 585143114-1188461360
                                                                                                                                • Opcode ID: 7ce75d0e8ce51beaa5017a69f1cafd12c0347cf952baad51f27e7ce9e03ee791
                                                                                                                                • Instruction ID: 9bc84ae681e75e2c93bac528aea07e7b9471882f4f4f3be1ca1ec70f73c70561
                                                                                                                                • Opcode Fuzzy Hash: 7ce75d0e8ce51beaa5017a69f1cafd12c0347cf952baad51f27e7ce9e03ee791
                                                                                                                                • Instruction Fuzzy Hash: 3AC2C3A8F18F5391FB069B27E85426527AABF45BE0F8450B5CD0E86675FF6DE209C300

                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000001.00000002.2937676674.00007FFE10301000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFE10300000, based on PE: true
                                                                                                                                • Associated: 00000001.00000002.2937662597.00007FFE10300000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                • Associated: 00000001.00000002.2937692179.00007FFE1030B000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                • Associated: 00000001.00000002.2937707021.00007FFE10310000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                • Associated: 00000001.00000002.2937729384.00007FFE10311000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_1_2_7ffe10300000_3OQL58yflv.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: Module_$Constant$Err_$Exception$Eval_ObjectThread$Create2CriticalDeallocFilenameFromInfoInitializeLibraryLoadRestoreSaveSectionStateSystemVersionWindowsWithgetenv
                                                                                                                                • String ID: ABOVE_NORMAL_PRIORITY_CLASS$BELOW_NORMAL_PRIORITY_CLASS$ERROR_ACCESS_DENIED$ERROR_INVALID_NAME$ERROR_PRIVILEGE_NOT_HELD$ERROR_SERVICE_DOES_NOT_EXIST$HIGH_PRIORITY_CLASS$IDLE_PRIORITY_CLASS$INFINITE$MIB_TCP_STATE_CLOSED$MIB_TCP_STATE_CLOSE_WAIT$MIB_TCP_STATE_CLOSING$MIB_TCP_STATE_DELETE_TCB$MIB_TCP_STATE_ESTAB$MIB_TCP_STATE_FIN_WAIT1$MIB_TCP_STATE_FIN_WAIT2$MIB_TCP_STATE_LAST_ACK$MIB_TCP_STATE_LISTEN$MIB_TCP_STATE_SYN_RCVD$MIB_TCP_STATE_SYN_SENT$MIB_TCP_STATE_TIME_WAIT$NORMAL_PRIORITY_CLASS$PSUTIL_CONN_NONE$PSUTIL_DEBUG$REALTIME_PRIORITY_CLASS$TimeoutAbandoned$TimeoutExpired$WINDOWS_10$WINDOWS_7$WINDOWS_8$WINDOWS_8_1$WINDOWS_VISTA$WINVER$_psutil_windows.Error$_psutil_windows.TimeoutAbandoned$_psutil_windows.TimeoutExpired$version
                                                                                                                                • API String ID: 887074641-2468274236
                                                                                                                                • Opcode ID: 1f93bd4bca05029bf53ecd07cde9b0c4047c2b8100b84f1851f88f965fc14036
                                                                                                                                • Instruction ID: 6f5bce7def81deab2508cb90ef4623b1294b245561b02922c92ad6196cdd4f90
                                                                                                                                • Opcode Fuzzy Hash: 1f93bd4bca05029bf53ecd07cde9b0c4047c2b8100b84f1851f88f965fc14036
                                                                                                                                • Instruction Fuzzy Hash: 86C10824B1AE0281EA589F13E99477D2366AF49BF0F8040B5CB0E477B9DF6DA349C741

                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000001.00000002.2937676674.00007FFE10301000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFE10300000, based on PE: true
                                                                                                                                • Associated: 00000001.00000002.2937662597.00007FFE10300000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                • Associated: 00000001.00000002.2937692179.00007FFE1030B000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                • Associated: 00000001.00000002.2937707021.00007FFE10310000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                • Associated: 00000001.00000002.2937729384.00007FFE10311000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_1_2_7ffe10300000_3OQL58yflv.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: DeallocErr_FromList_Windowsfree
                                                                                                                                • String ID: (ddddd)$GetActiveProcessorCount() not available; using GetSystemInfo()$GetSystemInfo() failed to retrieve CPU count$NtQuerySystemInformation(SystemProcessorPerformanceInformation)$psutil-debug [%s:%d]> $psutil/arch/windows\cpu.c
                                                                                                                                • API String ID: 2064544276-4027580629
                                                                                                                                • Opcode ID: 7190dbfe5ddc8fd9770f88d7c9040de05d44c9cbbe8f5b86af6aa6a4fad55d9a
                                                                                                                                • Instruction ID: 143a4aec8515237595868d46b0f7957792db4e7ff353a812996b096206c43f7b
                                                                                                                                • Opcode Fuzzy Hash: 7190dbfe5ddc8fd9770f88d7c9040de05d44c9cbbe8f5b86af6aa6a4fad55d9a
                                                                                                                                • Instruction Fuzzy Hash: 6371D731A1AF028AE6569F37E45023DA3A5AF59BA4B044375EF0F62778EF3CE5458700

                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000001.00000002.2937676674.00007FFE10301000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFE10300000, based on PE: true
                                                                                                                                • Associated: 00000001.00000002.2937662597.00007FFE10300000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                • Associated: 00000001.00000002.2937692179.00007FFE1030B000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                • Associated: 00000001.00000002.2937707021.00007FFE10310000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                • Associated: 00000001.00000002.2937729384.00007FFE10311000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_1_2_7ffe10300000_3OQL58yflv.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: ErrorLast$Err_Process__acrt_iob_funcfprintf$FilenameFromOpenTokenWindowsWith$CurrentImpersonateSelfWarn
                                                                                                                                • String ID: (originated from %s)$AdjustTokenPrivileges$ImpersonateSelf$LookupPrivilegeValue$OpenProcessToken$SeDebugPrivilege
                                                                                                                                • API String ID: 2544101647-3705996988

                                                                                                                                Control-flow Graph

                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000001.00000002.2937676674.00007FFE10301000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFE10300000, based on PE: true
                                                                                                                                • Associated: 00000001.00000002.2937662597.00007FFE10300000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                • Associated: 00000001.00000002.2937692179.00007FFE1030B000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                • Associated: 00000001.00000002.2937707021.00007FFE10310000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                • Associated: 00000001.00000002.2937729384.00007FFE10311000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_1_2_7ffe10300000_3OQL58yflv.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: Err_FilenameFromWindowsWith$AddressEval_LibraryProcThread$FreeHandleLoadModuleRestoreSave
                                                                                                                                • String ID: GetActiveProcessorCount$GetExtendedTcpTable$GetExtendedUdpTable$GetLogicalProcessorInformationEx$GetTickCount64$NtQueryInformationProcess$NtQueryObject$NtQuerySystemInformation$NtQueryVirtualMemory$NtResumeProcess$NtSetInformationProcess$NtSuspendProcess$RtlGetVersion$RtlIpv4AddressToStringA$RtlIpv6AddressToStringA$RtlNtStatusToDosErrorNoTeb$WTSEnumerateSessionsW$WTSFreeMemory$WTSQuerySessionInformationW$iphlpapi.dll$kernel32$ntdll$ntdll.dll$wtsapi32.dll
                                                                                                                                • API String ID: 3787047288-761253638

                                                                                                                                Control-flow Graph

                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000001.00000002.2938679897.00007FFE13331000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFE13330000, based on PE: true
                                                                                                                                • Associated: 00000001.00000002.2938663210.00007FFE13330000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                • Associated: 00000001.00000002.2938699098.00007FFE13341000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                • Associated: 00000001.00000002.2938716121.00007FFE13348000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                • Associated: 00000001.00000002.2938732915.00007FFE1334C000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                • Associated: 00000001.00000002.2938732915.00007FFE1334E000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_1_2_7ffe13330000_3OQL58yflv.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: Err_$_errno$Eval_FromOccurredSaveStringThreadWindowsffi_callffi_prep_cif
                                                                                                                                • String ID: No ffi_type for result$ctypes.set_exception$exception: access violation reading %p$exception: access violation writing %p$exception: breakpoint encountered$exception: datatype misalignment$exception: single step$ffi_prep_cif failed
                                                                                                                                • API String ID: 1937973484-3190153140

                                                                                                                                Control-flow Graph

                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000001.00000002.2938679897.00007FFE13331000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFE13330000, based on PE: true
                                                                                                                                • Associated: 00000001.00000002.2938663210.00007FFE13330000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                • Associated: 00000001.00000002.2938699098.00007FFE13341000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                • Associated: 00000001.00000002.2938716121.00007FFE13348000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                • Associated: 00000001.00000002.2938732915.00007FFE1334C000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                • Associated: 00000001.00000002.2938732915.00007FFE1334E000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_1_2_7ffe13330000_3OQL58yflv.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: COM method call without VTable$Expected a COM this pointer as first argument$NULL COM pointer access$native com method call without 'this' parameter$this function takes %d argument%s (%d given)$this function takes at least %d argument%s (%d given)
                                                                                                                                • API String ID: 0-1981512665

                                                                                                                                Control-flow Graph

                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000001.00000002.2938679897.00007FFE13331000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFE13330000, based on PE: true
                                                                                                                                • Associated: 00000001.00000002.2938663210.00007FFE13330000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                • Associated: 00000001.00000002.2938699098.00007FFE13341000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                • Associated: 00000001.00000002.2938716121.00007FFE13348000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                • Associated: 00000001.00000002.2938732915.00007FFE1334C000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                • Associated: 00000001.00000002.2938732915.00007FFE1334E000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_1_2_7ffe13330000_3OQL58yflv.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: Err_Eval_FromThread$Arg_AuditCharErrorFormatFreeLastLibraryLoadLong_Mem_ParseRestoreSaveStringSys_TupleUnicode_VoidWideWindows
                                                                                                                                • String ID: Could not find module '%.500S' (or one of its dependencies). Try using the full path with constructor syntax.$U|i:LoadLibrary$ctypes.dlopen
                                                                                                                                • API String ID: 3805577924-808210370

                                                                                                                                Control-flow Graph

                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000001.00000002.2938679897.00007FFE13331000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFE13330000, based on PE: true
                                                                                                                                • Associated: 00000001.00000002.2938663210.00007FFE13330000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                • Associated: 00000001.00000002.2938699098.00007FFE13341000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                • Associated: 00000001.00000002.2938716121.00007FFE13348000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                • Associated: 00000001.00000002.2938732915.00007FFE1334C000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                • Associated: 00000001.00000002.2938732915.00007FFE1334E000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_1_2_7ffe13330000_3OQL58yflv.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: CallDeallocErr_FormatObject_memset
                                                                                                                                • String ID: argument %zd: $too many arguments (%zi), maximum is %i
                                                                                                                                • API String ID: 1791410686-4072972272
                                                                                                                                • Opcode ID: c277ea183b50c61b7a84c05d1f4defa890b22ed5e8d0e49d552492417d3b1e46
                                                                                                                                • Instruction ID: 40ff4865dd7da6279831af7573fd248ae85588c0fadfd66fe80502a409049505
                                                                                                                                • Opcode Fuzzy Hash: c277ea183b50c61b7a84c05d1f4defa890b22ed5e8d0e49d552492417d3b1e46
                                                                                                                                • Instruction Fuzzy Hash: 5CB15062A08E8289EA159F27D8402B9A360FB25FF8F548671D93DA77E5DF3CE541C304

                                                                                                                                Control-flow Graph

                                                                                                                                control_flow_graph 597: PyDict_Contains, PyDict_Update, PyDict_GetItemWithError, PyErr_Occurred, PyObject_SetAttr, _Py_Dealloc
                                                                                                                                APIs
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000001.00000002.2938679897.00007FFE13331000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFE13330000, based on PE: true
                                                                                                                                • Associated: 00000001.00000002.2938663210.00007FFE13330000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                • Associated: 00000001.00000002.2938699098.00007FFE13341000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                • Associated: 00000001.00000002.2938716121.00007FFE13348000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                • Associated: 00000001.00000002.2938732915.00007FFE1334C000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                • Associated: 00000001.00000002.2938732915.00007FFE1334E000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_1_2_7ffe13330000_3OQL58yflv.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: Dict_$DeallocObject_$AttrCallContainsCurrentErr_ErrorItemMakeOccurredState_ThreadUpdateWith
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 2347184808-0
                                                                                                                                • Opcode ID: 19253d0d72e99eb2dfa4533fb5b10f5266ade0fd6e35b992c2445b8af10077c0
                                                                                                                                • Instruction ID: 5b07fcc8bbfeae7b018d26e265ea1b9400c83fe901525eee43665172da001c3b
                                                                                                                                • Opcode Fuzzy Hash: 19253d0d72e99eb2dfa4533fb5b10f5266ade0fd6e35b992c2445b8af10077c0
                                                                                                                                • Instruction Fuzzy Hash: 32415C31E0DE0289EA554B27D5443B9A3A0EF65FB5F1881B0D96DA66B5DF3CE054C308

                                                                                                                                Control-flow Graph

                                                                                                                                APIs
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000001.00000002.2937676674.00007FFE10301000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFE10300000, based on PE: true
                                                                                                                                • Associated: 00000001.00000002.2937662597.00007FFE10300000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                • Associated: 00000001.00000002.2937692179.00007FFE1030B000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                • Associated: 00000001.00000002.2937707021.00007FFE10310000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                • Associated: 00000001.00000002.2937729384.00007FFE10311000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_1_2_7ffe10300000_3OQL58yflv.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: Err_Eval_FilenameFromLibraryThreadWindowsWith$AddressFreeLoadProcRestoreSave
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 568911590-0
                                                                                                                                • Opcode ID: e2200b3415209b6f4be3470a672ca2eac9ae6c36c8dafb9bbec9a9066c3d2c4c
                                                                                                                                • Instruction ID: 2ade23626ef8990d33601e84b7d7a9b86021fd49ba252ace6edf5921675c0a2c
                                                                                                                                • Opcode Fuzzy Hash: e2200b3415209b6f4be3470a672ca2eac9ae6c36c8dafb9bbec9a9066c3d2c4c
                                                                                                                                • Instruction Fuzzy Hash: 4C012824B1AE4682EA189F23B91813E6361BF48FE0B4844B4DE4E07B6DDF3CE2458300

                                                                                                                                Control-flow Graph

                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000001.00000002.2937605131.00007FFE10251000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFE10250000, based on PE: true
                                                                                                                                • Associated: 00000001.00000002.2937591084.00007FFE10250000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                • Associated: 00000001.00000002.2937619663.00007FFE10257000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                • Associated: 00000001.00000002.2937634346.00007FFE1025C000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                • Associated: 00000001.00000002.2937648359.00007FFE1025E000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_1_2_7ffe10250000_3OQL58yflv.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: D_do_all_providedDeallocFrozenModule_ObjectSet_
                                                                                                                                • String ID: openssl_md_meth_names
                                                                                                                                • API String ID: 4100423519-1600430994
                                                                                                                                • Opcode ID: 377f0c0f1d187c6f6c3e59a4c7b27003ffe99c0898c3aca503393d1ddc3b5551
                                                                                                                                • Instruction ID: 58eb7784139b0a607053da05832a4de5a1b8555762de73ae8c0116d35cb2b45b
                                                                                                                                • Opcode Fuzzy Hash: 377f0c0f1d187c6f6c3e59a4c7b27003ffe99c0898c3aca503393d1ddc3b5551
                                                                                                                                • Instruction Fuzzy Hash: 2E0125B1A0CE4282E7244B62A8052F97B60FBC9779F445175DB4E867B2EF3CD544C708

                                                                                                                                Control-flow Graph

                                                                                                                                control_flow_graph 653: PyDict_Contains, PyDict_Update, PyDict_GetItemWithError, PyErr_Occurred, PyObject_SetAttr, _Py_Dealloc
                                                                                                                                APIs
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000001.00000002.2938679897.00007FFE13331000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFE13330000, based on PE: true
                                                                                                                                • Associated: 00000001.00000002.2938663210.00007FFE13330000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                • Associated: 00000001.00000002.2938699098.00007FFE13341000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                • Associated: 00000001.00000002.2938716121.00007FFE13348000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                • Associated: 00000001.00000002.2938732915.00007FFE1334C000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                • Associated: 00000001.00000002.2938732915.00007FFE1334E000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_1_2_7ffe13330000_3OQL58yflv.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: Dict_$DeallocObject_$AttrCallContainsCurrentErr_ErrorItemMakeOccurredState_ThreadUpdateWith
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 2347184808-0
                                                                                                                                • Opcode ID: 5d96bae5d0e6a384cdd3300ec643e4a407cf7280fbfff140101e4f05a9a581a9
                                                                                                                                • Instruction ID: 0de580147be543d4b1f222abe1d0d00fbfabc16189860ad1b02c3d6bdb0983cb
                                                                                                                                • Opcode Fuzzy Hash: 5d96bae5d0e6a384cdd3300ec643e4a407cf7280fbfff140101e4f05a9a581a9
                                                                                                                                • Instruction Fuzzy Hash: 29312731E09E4289EA558B17A4403A963A0FF65FE4F1881B1DA6DA67B4DE3CE4918308

                                                                                                                                Control-flow Graph

                                                                                                                                control_flow_graph 694: WSASocketA, connect, recv
                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000001.00000002.2934511808.00000225EDFB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000225EDFB0000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_1_2_225edfb0000_3OQL58yflv.jbxd
                                                                                                                                Yara matches
                                                                                                                                Similarity
                                                                                                                                • API ID: Socketconnectrecv
                                                                                                                                • String ID: unMa
                                                                                                                                • API String ID: 1489331942-1083050270
                                                                                                                                • Opcode ID: 69169658327af5ec15c147cef2357b4be1f4972c36573bed2cf0edbceb0edd2d
                                                                                                                                • Instruction ID: fb96363d479a459e7756df037c189c0446ef56148fca3512e8c1a6c1329d7a0d
                                                                                                                                • Opcode Fuzzy Hash: 69169658327af5ec15c147cef2357b4be1f4972c36573bed2cf0edbceb0edd2d
                                                                                                                                • Instruction Fuzzy Hash: 1221992275CD5C2BF22CA1AD381F73A25CAC799715F21903FF54AC62DADDA18C83019A

                                                                                                                                Control-flow Graph

                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000001.00000002.2937676674.00007FFE10301000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFE10300000, based on PE: true
                                                                                                                                • Associated: 00000001.00000002.2937662597.00007FFE10300000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                • Associated: 00000001.00000002.2937692179.00007FFE1030B000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                • Associated: 00000001.00000002.2937707021.00007FFE10310000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                • Associated: 00000001.00000002.2937729384.00007FFE10311000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_1_2_7ffe10300000_3OQL58yflv.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: BuildErr_FromSystemTimesValueWindows
                                                                                                                                • String ID: (ddd)
                                                                                                                                • API String ID: 2325294781-2401937087
                                                                                                                                • Opcode ID: ba0bdbf672466f0367906313a703a410643c45962e3f53d94245850bb14888e0
                                                                                                                                • Instruction ID: 51f947f681f96e04336893ea2530b72599460b139144caad439acbd6acc87553
                                                                                                                                • Opcode Fuzzy Hash: ba0bdbf672466f0367906313a703a410643c45962e3f53d94245850bb14888e0
                                                                                                                                • Instruction Fuzzy Hash: F211BC31E29F454FC557DB36994052AE3A9AFA6790B448322F50FB1F64E72CE1D68B00

                                                                                                                                Control-flow Graph

                                                                                                                                APIs
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000001.00000002.2937605131.00007FFE10251000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFE10250000, based on PE: true
                                                                                                                                • Associated: 00000001.00000002.2937591084.00007FFE10250000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                • Associated: 00000001.00000002.2937619663.00007FFE10257000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                • Associated: 00000001.00000002.2937634346.00007FFE1025C000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                • Associated: 00000001.00000002.2937648359.00007FFE1025E000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_1_2_7ffe10250000_3OQL58yflv.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: Module_$BasesFromSpecStateTypeType_With
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 2730008912-0
                                                                                                                                • Opcode ID: a8ae01e82ce562809f66ae8afd9001b3d796d883e62a847821e8e3f5a0ad3511
                                                                                                                                • Instruction ID: 00915aa0deffae1a53d927cec8e39c21067135ed93547044b48c4da9254cf4e1
                                                                                                                                • Opcode Fuzzy Hash: a8ae01e82ce562809f66ae8afd9001b3d796d883e62a847821e8e3f5a0ad3511
                                                                                                                                • Instruction Fuzzy Hash: B5F0BEA0709E0281EA148B26F4441B966A1BF88BF4F1881B5DF2D467A6FF3CD040C304
                                                                                                                                APIs
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000001.00000002.2938782983.00007FFE148E1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE148E0000, based on PE: true
• Associated: 00000001.00000002.2938766117.00007FFE148E0000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000001.00000002.2938800022.00007FFE148E6000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000001.00000002.2938816672.00007FFE148E9000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_1_2_7ffe148e0000_3OQL58yflv.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: CreateThread
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 2422867632-0
                                                                                                                                APIs
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000001.00000002.2938782983.00007FFE148E1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE148E0000, based on PE: true
• Associated: 00000001.00000002.2938766117.00007FFE148E0000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000001.00000002.2938800022.00007FFE148E6000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000001.00000002.2938816672.00007FFE148E9000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_1_2_7ffe148e0000_3OQL58yflv.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: memcpy
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 3510742995-0
                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000001.00000002.2938510031.00007FFE130C1000.00000020.00000001.01000000.00000012.sdmp, Offset: 00007FFE130C0000, based on PE: true
• Associated: 00000001.00000002.2938494029.00007FFE130C0000.00000002.00000001.01000000.00000012.sdmp
• Associated: 00000001.00000002.2938526688.00007FFE130C4000.00000002.00000001.01000000.00000012.sdmp
• Associated: 00000001.00000002.2938542624.00007FFE130C6000.00000004.00000001.01000000.00000012.sdmp
• Associated: 00000001.00000002.2938561193.00007FFE130C7000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_1_2_7ffe130c0000_3OQL58yflv.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: ErrorLastThread$CloseErr_FromHandleStringUnicode_$CharCreateEval_FreeMem_Wide$AuditCodeExitFileFormatObjectPipeReadRestoreSaveSingleSizeSys_WaitWindows_wcsnicmp
                                                                                                                                • String ID: Query returns more than %zd characters$_wmi.exec_query$only SELECT queries are supported$select
                                                                                                                                • API String ID: 1485273037-3471808114
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000001.00000002.2936598900.00007FFE01381000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FFE01380000, based on PE: true
• Associated: 00000001.00000002.2936583511.00007FFE01380000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2936654293.00007FFE01435000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2936681696.00007FFE0146F000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2936696034.00007FFE01472000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_1_2_7ffe01380000_3OQL58yflv.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: AppPolicyGetThreadInitializationType$AreFileApisANSI$CompareStringEx$EnumSystemLocalesEx$GetDateFormatEx$GetLocaleInfoEx$GetTimeFormatEx$GetUserDefaultLocaleName$IsValidLocaleName$LCIDToLocaleName$LCMapStringEx$LocaleNameToLCID$RoInitialize
                                                                                                                                • API String ID: 0-3669283627
                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000001.00000002.2938510031.00007FFE130C1000.00000020.00000001.01000000.00000012.sdmp, Offset: 00007FFE130C0000, based on PE: true
• Associated: 00000001.00000002.2938494029.00007FFE130C0000.00000002.00000001.01000000.00000012.sdmp
• Associated: 00000001.00000002.2938526688.00007FFE130C4000.00000002.00000001.01000000.00000012.sdmp
• Associated: 00000001.00000002.2938542624.00007FFE130C6000.00000004.00000001.01000000.00000012.sdmp
• Associated: 00000001.00000002.2938561193.00007FFE130C7000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_1_2_7ffe130c0000_3OQL58yflv.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: String$Alloc$CloseFreeHandle
                                                                                                                                • String ID: ROOT\CIMV2$WQL
                                                                                                                                • API String ID: 1604210422-3419750859
                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000001.00000002.2936598900.00007FFE01381000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FFE01380000, based on PE: true
• Associated: 00000001.00000002.2936583511.00007FFE01380000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2936654293.00007FFE01435000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2936681696.00007FFE0146F000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2936696034.00007FFE01472000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_1_2_7ffe01380000_3OQL58yflv.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: ErrorLast
                                                                                                                                • String ID: FlsGetValue$LCMapStringEx
                                                                                                                                • API String ID: 1452528299-552164261
                                                                                                                                APIs
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000001.00000002.2938510031.00007FFE130C1000.00000020.00000001.01000000.00000012.sdmp, Offset: 00007FFE130C0000, based on PE: true
• Associated: 00000001.00000002.2938494029.00007FFE130C0000.00000002.00000001.01000000.00000012.sdmp
• Associated: 00000001.00000002.2938526688.00007FFE130C4000.00000002.00000001.01000000.00000012.sdmp
• Associated: 00000001.00000002.2938542624.00007FFE130C6000.00000004.00000001.01000000.00000012.sdmp
• Associated: 00000001.00000002.2938561193.00007FFE130C7000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_1_2_7ffe130c0000_3OQL58yflv.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: ExceptionFilterPresentUnhandledmemset$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 313767242-0
                                                                                                                                APIs
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000001.00000002.2937462956.00007FFE10231000.00000020.00000001.01000000.0000001B.sdmp, Offset: 00007FFE10230000, based on PE: true
• Associated: 00000001.00000002.2937447788.00007FFE10230000.00000002.00000001.01000000.0000001B.sdmp
• Associated: 00000001.00000002.2937477787.00007FFE10235000.00000002.00000001.01000000.0000001B.sdmp
• Associated: 00000001.00000002.2937492187.00007FFE10236000.00000004.00000001.01000000.0000001B.sdmp
• Associated: 00000001.00000002.2937505821.00007FFE10237000.00000002.00000001.01000000.0000001B.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_1_2_7ffe10230000_3OQL58yflv.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: ExceptionFilterPresentUnhandledmemset$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 313767242-0
                                                                                                                                APIs
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000001.00000002.2938193676.00007FFE11EA1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFE11EA0000, based on PE: true
• Associated: 00000001.00000002.2938178726.00007FFE11EA0000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 00000001.00000002.2938214377.00007FFE11EB8000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 00000001.00000002.2938214377.00007FFE11EBC000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 00000001.00000002.2938247018.00007FFE11EC4000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 00000001.00000002.2938262044.00007FFE11EC5000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_1_2_7ffe11ea0000_3OQL58yflv.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: ExceptionFilterPresentUnhandledmemset$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 313767242-0
                                                                                                                                APIs
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000001.00000002.2938442526.00007FFE12E11000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFE12E10000, based on PE: true
• Associated: 00000001.00000002.2938423619.00007FFE12E10000.00000002.00000001.01000000.00000013.sdmp
• Associated: 00000001.00000002.2938459898.00007FFE12E12000.00000002.00000001.01000000.00000013.sdmp
• Associated: 00000001.00000002.2938476905.00007FFE12E14000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_1_2_7ffe12e10000_3OQL58yflv.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: ExceptionFilterPresentUnhandledmemset$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 313767242-0
                                                                                                                                APIs
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000001.00000002.2936726409.00007FFE0E141000.00000020.00000001.01000000.00000026.sdmp, Offset: 00007FFE0E140000, based on PE: true
                                                                                                                                 • Associated: 00000001.00000002.2936712283.00007FFE0E140000.00000002.00000001.01000000.00000026.sdmp
                                                                                                                                 • Associated: 00000001.00000002.2936741361.00007FFE0E145000.00000002.00000001.01000000.00000026.sdmp
                                                                                                                                 • Associated: 00000001.00000002.2936757392.00007FFE0E14F000.00000004.00000001.01000000.00000026.sdmp
                                                                                                                                 • Associated: 00000001.00000002.2936771307.00007FFE0E150000.00000002.00000001.01000000.00000026.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_1_2_7ffe0e140000_3OQL58yflv.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: ExceptionFilterPresentUnhandledmemset$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 313767242-0
                                                                                                                                APIs
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000001.00000002.2937820040.00007FFE110F1000.00000020.00000001.01000000.00000018.sdmp, Offset: 00007FFE110F0000, based on PE: true
                                                                                                                                 • Associated: 00000001.00000002.2937804998.00007FFE110F0000.00000002.00000001.01000000.00000018.sdmp
                                                                                                                                 • Associated: 00000001.00000002.2937836088.00007FFE110F2000.00000002.00000001.01000000.00000018.sdmp
                                                                                                                                 • Associated: 00000001.00000002.2937851276.00007FFE110F4000.00000002.00000001.01000000.00000018.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_1_2_7ffe110f0000_3OQL58yflv.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: ExceptionFilterPresentUnhandledmemset$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 313767242-0
                                                                                                                                APIs
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000001.00000002.2938118027.00007FFE11BB1000.00000020.00000001.01000000.00000015.sdmp, Offset: 00007FFE11BB0000, based on PE: true
                                                                                                                                 • Associated: 00000001.00000002.2938101310.00007FFE11BB0000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                 • Associated: 00000001.00000002.2938133567.00007FFE11BB3000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                 • Associated: 00000001.00000002.2938149100.00007FFE11BB4000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                                 • Associated: 00000001.00000002.2938163229.00007FFE11BB5000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_1_2_7ffe11bb0000_3OQL58yflv.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: ExceptionFilterPresentUnhandledmemset$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 313767242-0
                                                                                                                                APIs
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000001.00000002.2937760077.00007FFE11071000.00000020.00000001.01000000.00000019.sdmp, Offset: 00007FFE11070000, based on PE: true
                                                                                                                                 • Associated: 00000001.00000002.2937744877.00007FFE11070000.00000002.00000001.01000000.00000019.sdmp
                                                                                                                                 • Associated: 00000001.00000002.2937775020.00007FFE11073000.00000002.00000001.01000000.00000019.sdmp
                                                                                                                                 • Associated: 00000001.00000002.2937790415.00007FFE11075000.00000002.00000001.01000000.00000019.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_1_2_7ffe11070000_3OQL58yflv.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: ExceptionFilterPresentUnhandledmemset$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 313767242-0
                                                                                                                                APIs
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000001.00000002.2938594897.00007FFE13301000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FFE13300000, based on PE: true
                                                                                                                                 • Associated: 00000001.00000002.2938578259.00007FFE13300000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                 • Associated: 00000001.00000002.2938612939.00007FFE13303000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                 • Associated: 00000001.00000002.2938629391.00007FFE13305000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                 • Associated: 00000001.00000002.2938646123.00007FFE13306000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_1_2_7ffe13300000_3OQL58yflv.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: ExceptionFilterPresentUnhandledmemset$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 313767242-0
                                                                                                                                APIs
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000001.00000002.2937326239.00007FFE101D1000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFE101D0000, based on PE: true
                                                                                                                                 • Associated: 00000001.00000002.2937311108.00007FFE101D0000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                 • Associated: 00000001.00000002.2937341468.00007FFE101D3000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                 • Associated: 00000001.00000002.2937356318.00007FFE101D4000.00000004.00000001.01000000.0000001D.sdmp
                                                                                                                                 • Associated: 00000001.00000002.2937371175.00007FFE101D5000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_1_2_7ffe101d0000_3OQL58yflv.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: ExceptionFilterPresentUnhandledmemset$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 313767242-0
                                                                                                                                APIs
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000001.00000002.2936942642.00007FFE0EA71000.00000020.00000001.01000000.00000023.sdmp, Offset: 00007FFE0EA70000, based on PE: true
                                                                                                                                 • Associated: 00000001.00000002.2936928583.00007FFE0EA70000.00000002.00000001.01000000.00000023.sdmp
                                                                                                                                 • Associated: 00000001.00000002.2936956825.00007FFE0EA73000.00000002.00000001.01000000.00000023.sdmp
                                                                                                                                 • Associated: 00000001.00000002.2936970557.00007FFE0EA74000.00000004.00000001.01000000.00000023.sdmp
                                                                                                                                 • Associated: 00000001.00000002.2936984077.00007FFE0EA75000.00000002.00000001.01000000.00000023.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_1_2_7ffe0ea70000_3OQL58yflv.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: ExceptionFilterPresentUnhandledmemset$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 313767242-0
                                                                                                                                APIs
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000001.00000002.2937962236.00007FFE11511000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFE11510000, based on PE: true
                                                                                                                                 • Associated: 00000001.00000002.2937944561.00007FFE11510000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                 • Associated: 00000001.00000002.2937979185.00007FFE11519000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                 • Associated: 00000001.00000002.2938006495.00007FFE11521000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                 • Associated: 00000001.00000002.2938023263.00007FFE11523000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_1_2_7ffe11510000_3OQL58yflv.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: ExceptionFilterPresentUnhandledmemset$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 313767242-0
                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000001.00000002.2937462956.00007FFE10231000.00000020.00000001.01000000.0000001B.sdmp, Offset: 00007FFE10230000, based on PE: true
                                                                                                                                 • Associated: 00000001.00000002.2937447788.00007FFE10230000.00000002.00000001.01000000.0000001B.sdmp
                                                                                                                                 • Associated: 00000001.00000002.2937477787.00007FFE10235000.00000002.00000001.01000000.0000001B.sdmp
                                                                                                                                 • Associated: 00000001.00000002.2937492187.00007FFE10236000.00000004.00000001.01000000.0000001B.sdmp
                                                                                                                                 • Associated: 00000001.00000002.2937505821.00007FFE10237000.00000002.00000001.01000000.0000001B.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_1_2_7ffe10230000_3OQL58yflv.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: memcpy$_wassert
                                                                                                                                • String ID: D:\a\pycryptodome\pycryptodome\src\hash_SHA2_template.c$hs->curlen < BLOCK_SIZE
                                                                                                                                • API String ID: 4178124637-3286700114
                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000001.00000002.2937962236.00007FFE11511000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFE11510000, based on PE: true
                                                                                                                                 • Associated: 00000001.00000002.2937944561.00007FFE11510000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                 • Associated: 00000001.00000002.2937979185.00007FFE11519000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                 • Associated: 00000001.00000002.2938006495.00007FFE11521000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                 • Associated: 00000001.00000002.2938023263.00007FFE11523000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_1_2_7ffe11510000_3OQL58yflv.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: Eval_Thread$AuditErr_FormatRestoreSaveSys_bind
                                                                                                                                • String ID: bind$socket.bind
                                                                                                                                • API String ID: 1695574521-187351271
                                                                                                                                • Opcode ID: 77259c4cc41cffc2c3f1a4c23cf7c52fadd24801fbce19dc13b5509f2f44b2df
                                                                                                                                • Instruction ID: 678f39d033c0412faf22e480172bcae9d5ed5ff02f4d7ea20f85db2702a3a2d8
                                                                                                                                • Opcode Fuzzy Hash: 77259c4cc41cffc2c3f1a4c23cf7c52fadd24801fbce19dc13b5509f2f44b2df
                                                                                                                                • Instruction Fuzzy Hash: A3113061A1CF8281EB229B62F4443AA736AFF497A4F441176DA8D43B74EF3CE544C700
                                                                                                                                APIs
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000001.00000002.2936598900.00007FFE01381000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FFE01380000, based on PE: true
                                                                                                                                 • Associated: 00000001.00000002.2936583511.00007FFE01380000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                 • Associated: 00000001.00000002.2936654293.00007FFE01435000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                 • Associated: 00000001.00000002.2936681696.00007FFE0146F000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                 • Associated: 00000001.00000002.2936696034.00007FFE01472000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_1_2_7ffe01380000_3OQL58yflv.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: ExceptionFilterUnhandled$CaptureContextDebuggerEntryFunctionLookupPresentUnwindVirtual
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 1239891234-0
                                                                                                                                • Opcode ID: 50aacc1ba8ac63494cc2825d4720d0296b93f697952a9719d0efef972ad78f68
                                                                                                                                • Instruction ID: 95a7c2cddedb830fca61700d3f7fc7bc1951d4d834d7aae6fe44a9f5579e8518
                                                                                                                                • Opcode Fuzzy Hash: 50aacc1ba8ac63494cc2825d4720d0296b93f697952a9719d0efef972ad78f68
                                                                                                                                • Instruction Fuzzy Hash: 1A313F76608B82C6DB609F25E8403E973A4FB88B48F55013AEB8D4BB69DF7CD545CB00
                                                                                                                                APIs
                                                                                                                                • GetLocaleInfoW.API-MS-WIN-CORE-LOCALIZATION-L1-2-0(?,?,?,?,00000002,00007FFE013EFC4E,?,?,?,00000000,?,00000092,?), ref: 00007FFE013EF925
                                                                                                                                • GetLocaleInfoW.API-MS-WIN-CORE-LOCALIZATION-L1-2-0(?,?,?,?,00000002,00007FFE013EFC4E,?,?,?,00000000,?,00000092,?), ref: 00007FFE013EF969
                                                                                                                                • GetACP.API-MS-WIN-CORE-LOCALIZATION-L1-2-0(?,?,?,?,00000002,00007FFE013EFC4E,?,?,?,00000000,?,00000092,?), ref: 00007FFE013EF97F
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000001.00000002.2936598900.00007FFE01381000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FFE01380000, based on PE: true
                                                                                                                                 • Associated: 00000001.00000002.2936583511.00007FFE01380000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                 • Associated: 00000001.00000002.2936654293.00007FFE01435000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                 • Associated: 00000001.00000002.2936681696.00007FFE0146F000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                 • Associated: 00000001.00000002.2936696034.00007FFE01472000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_1_2_7ffe01380000_3OQL58yflv.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: InfoLocale
                                                                                                                                • String ID: ACP$OCP
                                                                                                                                • API String ID: 2299586839-711371036
                                                                                                                                • Opcode ID: 73773a8882f4d354970d23b90f74c2a86361736c284bf30165171261c67cd652
                                                                                                                                • Instruction ID: 95ffff4af748a9e6f4c8616363938c211179d3b801bb71f5f89a196154f884de
                                                                                                                                • Opcode Fuzzy Hash: 73773a8882f4d354970d23b90f74c2a86361736c284bf30165171261c67cd652
                                                                                                                                • Instruction Fuzzy Hash: 87218131A0C78392FB208B11E4405BAA3A9FF59784F554035EA8D4B6F8DFBDE845C740
                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000001.00000002.2937962236.00007FFE11511000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFE11510000, based on PE: true
                                                                                                                                 • Associated: 00000001.00000002.2937944561.00007FFE11510000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                 • Associated: 00000001.00000002.2937979185.00007FFE11519000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                 • Associated: 00000001.00000002.2938006495.00007FFE11521000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                 • Associated: 00000001.00000002.2938023263.00007FFE11523000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_1_2_7ffe11510000_3OQL58yflv.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: Eval_Thread$Arg_ParseRestoreSaveSizeTuple_listen
                                                                                                                                • String ID: |i:listen
                                                                                                                                • API String ID: 3610171639-1087349693
                                                                                                                                • Opcode ID: 1dd604d63779131d74f0e04f3b2c61a42505648cc2c7e148056a803314711aa5
                                                                                                                                • Instruction ID: b1bb20b004de9d352861dae4f4f3015c6030e67bea28408d4d7ec14d7082370a
                                                                                                                                • Opcode Fuzzy Hash: 1dd604d63779131d74f0e04f3b2c61a42505648cc2c7e148056a803314711aa5
                                                                                                                                • Instruction Fuzzy Hash: C3014021B1CF8283EB468B57E48406A637AFF84BA0F1441B5DA4E43B74EF7CE4948700
                                                                                                                                APIs
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000001.00000002.2936598900.00007FFE01381000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FFE01380000, based on PE: true
                                                                                                                                 • Associated: 00000001.00000002.2936583511.00007FFE01380000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                 • Associated: 00000001.00000002.2936654293.00007FFE01435000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                 • Associated: 00000001.00000002.2936681696.00007FFE0146F000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                 • Associated: 00000001.00000002.2936696034.00007FFE01472000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_1_2_7ffe01380000_3OQL58yflv.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: ErrorFileLastWrite$ConsoleOutput
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 1443284424-0
                                                                                                                                • Opcode ID: fa85c37a5e9ba8bf9035f2b110f334415420467121762107b6b96761b37d1af9
                                                                                                                                • Instruction ID: 7ea428088fc73bfd4705d506268eea354462677e0e75ee263f6cfa2dde86f908
                                                                                                                                • Opcode Fuzzy Hash: fa85c37a5e9ba8bf9035f2b110f334415420467121762107b6b96761b37d1af9
                                                                                                                                • Instruction Fuzzy Hash: A4D11032B19A818AEB10CF74D4402AD7BB1FB55B98F554135DE4E5BBA9DE3CE44AC300
                                                                                                                                APIs
                                                                                                                                  • Part of subcall function 00007FFE01392900: GetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,00007FFE013F2861), ref: 00007FFE0139290A
                                                                                                                                  • Part of subcall function 00007FFE01392900: SetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,00007FFE013F2861), ref: 00007FFE01392950
                                                                                                                                  • Part of subcall function 00007FFE01392900: SetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,00007FFE013F2861), ref: 00007FFE013929A3
                                                                                                                                • GetUserDefaultLCID.API-MS-WIN-CORE-LOCALIZATION-L1-2-0(?,?,?,00000000,?,00000092,?), ref: 00007FFE013EFC20
                                                                                                                                • IsValidCodePage.API-MS-WIN-CORE-LOCALIZATION-L1-2-0(?,?,?,00000000,?,00000092,?), ref: 00007FFE013EFC5B
                                                                                                                                • IsValidLocale.API-MS-WIN-CORE-LOCALIZATION-L1-2-0(?,?,?,00000000,?,00000092,?), ref: 00007FFE013EFC75
                                                                                                                                • GetLocaleInfoW.API-MS-WIN-CORE-LOCALIZATION-L1-2-0(?,?,?,00000000,?,00000092,?), ref: 00007FFE013EFCC2
                                                                                                                                • GetLocaleInfoW.API-MS-WIN-CORE-LOCALIZATION-L1-2-0(?,?,?,00000000,?,00000092,?), ref: 00007FFE013EFCE1
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000001.00000002.2936598900.00007FFE01381000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FFE01380000, based on PE: true
                                                                                                                                 • Associated: 00000001.00000002.2936583511.00007FFE01380000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                 • Associated: 00000001.00000002.2936654293.00007FFE01435000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                 • Associated: 00000001.00000002.2936681696.00007FFE0146F000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                 • Associated: 00000001.00000002.2936696034.00007FFE01472000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_1_2_7ffe01380000_3OQL58yflv.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: ErrorLastLocale$InfoValid$CodeDefaultPageUser
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 1491647067-0
                                                                                                                                • Opcode ID: 8bc2d49000242995dabf5c358893cb775ecc986712979215801f7b5831ed4e28
                                                                                                                                • Instruction ID: da947917f2cd3e3237aa73d017f93ca7708f04a72f81bd7b804411e6030264c1
                                                                                                                                • Opcode Fuzzy Hash: 8bc2d49000242995dabf5c358893cb775ecc986712979215801f7b5831ed4e28
                                                                                                                                • Instruction Fuzzy Hash: 76816972A0C74286FB20DB60D8912BE33E8BB54B48F564435DE0D5B2E8EEBCE945C350
                                                                                                                                APIs
                                                                                                                                • GetProcAddress.API-MS-WIN-CORE-LIBRARYLOADER-L1-1-0(?,?,?,?,?,00007FFE01381679), ref: 00007FFE0139D65F
                                                                                                                                • GetLocaleInfoW.API-MS-WIN-CORE-LOCALIZATION-L1-2-0(?,?,?,?,?,00007FFE01381679), ref: 00007FFE013D5F8C
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000001.00000002.2936598900.00007FFE01381000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FFE01380000, based on PE: true
                                                                                                                                 • Associated: 00000001.00000002.2936583511.00007FFE01380000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                 • Associated: 00000001.00000002.2936654293.00007FFE01435000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                 • Associated: 00000001.00000002.2936681696.00007FFE0146F000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                 • Associated: 00000001.00000002.2936696034.00007FFE01472000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_1_2_7ffe01380000_3OQL58yflv.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: AddressInfoLocaleProc
                                                                                                                                • String ID: GetLocaleInfoEx$IsValidLocaleName
                                                                                                                                • API String ID: 2353564440-3594675595
                                                                                                                                • Opcode ID: 3d67c95f89377f80dc67d7afe21c7dc6fd59030b2bd6784bef41434d6fe2efc1
                                                                                                                                • Instruction ID: c2b13d5088402fae92a36dc2678db7181b23a7444e02e8a07aad022c4c8c61e0
                                                                                                                                • Opcode Fuzzy Hash: 3d67c95f89377f80dc67d7afe21c7dc6fd59030b2bd6784bef41434d6fe2efc1
                                                                                                                                • Instruction Fuzzy Hash: 8731DF21B09B0282FB148B16B8101B563E0AF58BE8F4A5535ED5D5F7B8EE3CE8458380
                                                                                                                                APIs
                                                                                                                                • IsDebuggerPresent.API-MS-WIN-CORE-DEBUG-L1-1-0(?,?,00000000,00007FFE013C9AEB,?,?,?,?,00007FFE013C9A46,?,?,?,?,00007FFE013D0F58), ref: 00007FFE013C98FD
                                                                                                                                • SetUnhandledExceptionFilter.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0(?,?,00000000,00007FFE013C9AEB,?,?,?,?,00007FFE013C9A46,?,?,?,?,00007FFE013D0F58), ref: 00007FFE013C9915
                                                                                                                                • UnhandledExceptionFilter.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0(?,?,00000000,00007FFE013C9AEB,?,?,?,?,00007FFE013C9A46,?,?,?,?,00007FFE013D0F58), ref: 00007FFE013C991E
                                                                                                                                • GetCurrentProcess.API-MS-WIN-CORE-PROCESSTHREADS-L1-1-0(?,?,00000000,00007FFE013C9AEB,?,?,?,?,00007FFE013C9A46,?,?,?,?,00007FFE013D0F58), ref: 00007FFE013C9937
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000001.00000002.2936598900.00007FFE01381000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FFE01380000, based on PE: true
                                                                                                                                 • Associated: 00000001.00000002.2936583511.00007FFE01380000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                 • Associated: 00000001.00000002.2936654293.00007FFE01435000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                 • Associated: 00000001.00000002.2936681696.00007FFE0146F000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                 • Associated: 00000001.00000002.2936696034.00007FFE01472000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_1_2_7ffe01380000_3OQL58yflv.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: ExceptionFilterUnhandled$CurrentDebuggerPresentProcess
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 2506494423-0
                                                                                                                                • Opcode ID: bc0a17b56fa287744e782d3f3bb8d9390f05734331d2ca113270627cfd11d1bf
                                                                                                                                • Instruction ID: 0c906b57959c97529fa53cc16d0741f286038e4c5e651d7a93cc5245d54873a0
                                                                                                                                • Opcode Fuzzy Hash: bc0a17b56fa287744e782d3f3bb8d9390f05734331d2ca113270627cfd11d1bf
                                                                                                                                • Instruction Fuzzy Hash: ABF07D71E09A06C6FB546B71E8153B46251EF99B4EF051434D90E4E2B1DFBD64C5CB40
                                                                                                                                APIs
                                                                                                                                • EnterCriticalSection.API-MS-WIN-CORE-SYNCH-L1-1-0(?,?,?,?,?,?,?,?,00000000,?,00007FFE01381718), ref: 00007FFE013ED31C
                                                                                                                                • EnumSystemLocalesW.API-MS-WIN-CORE-LOCALIZATION-L1-2-0(?,?,?,?,?,?,?,?,00000000,?,00007FFE01381718), ref: 00007FFE013ED355
                                                                                                                                • LeaveCriticalSection.API-MS-WIN-CORE-SYNCH-L1-1-0(?,?,?,?,?,?,?,?,00000000,?,00007FFE01381718), ref: 00007FFE013ED376
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000001.00000002.2936598900.00007FFE01381000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FFE01380000, based on PE: true
                                                                                                                                • Associated: 00000001.00000002.2936583511.00007FFE01380000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                • Associated: 00000001.00000002.2936654293.00007FFE01435000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                • Associated: 00000001.00000002.2936681696.00007FFE0146F000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                • Associated: 00000001.00000002.2936696034.00007FFE01472000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_1_2_7ffe01380000_3OQL58yflv.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: CriticalSection$EnterEnumLeaveLocalesSystem
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 2886288447-0
                                                                                                                                • Opcode ID: 38c71085e82ae7786b4cb33ebf5ae7edfef5d039e048a421b31bd6e5d3cf52f9
                                                                                                                                • Instruction ID: 99e9de709527d2cd4aac8b07854816cf48e15b551fc88ad771b6ce41757a70a7
                                                                                                                                • Opcode Fuzzy Hash: 38c71085e82ae7786b4cb33ebf5ae7edfef5d039e048a421b31bd6e5d3cf52f9
                                                                                                                                • Instruction Fuzzy Hash: 19113932A08B4282EB00CB19F8901A96361FB98B88F845132EA8E87778DF3CE555C300
                                                                                                                                APIs
                                                                                                                                  • Part of subcall function 00007FFE01392900: GetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,00007FFE013F2861), ref: 00007FFE0139290A
                                                                                                                                  • Part of subcall function 00007FFE01392900: SetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,00007FFE013F2861), ref: 00007FFE01392950
                                                                                                                                • GetPrimaryLen.LIBCMT ref: 00007FFE013EF43D
                                                                                                                                • EnumSystemLocalesW.API-MS-WIN-CORE-LOCALIZATION-L1-2-0(?,?,00000040,00007FFE013EFBF3,?,?,?,00000000,?,00000092,?,?,?,00007FFE013D2084), ref: 00007FFE013EF452
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000001.00000002.2936598900.00007FFE01381000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FFE01380000, based on PE: true
                                                                                                                                • Associated: 00000001.00000002.2936583511.00007FFE01380000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                • Associated: 00000001.00000002.2936654293.00007FFE01435000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                • Associated: 00000001.00000002.2936681696.00007FFE0146F000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                • Associated: 00000001.00000002.2936696034.00007FFE01472000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_1_2_7ffe01380000_3OQL58yflv.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: ErrorLast$EnumLocalesPrimarySystem
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 1794546269-0
                                                                                                                                • Opcode ID: 673be9be1899655fd0f1502e737552d3ef5fc48f47595e0e578b0b5e2ad3a46a
                                                                                                                                • Instruction ID: 8450839b74bcff4c1b8742bef10ccbe699852cbf58d80b8a7c240842881fc90c
                                                                                                                                • Opcode Fuzzy Hash: 673be9be1899655fd0f1502e737552d3ef5fc48f47595e0e578b0b5e2ad3a46a
                                                                                                                                • Instruction Fuzzy Hash: A511C663A0C78586EB518F25E4402AD37E1EBA1BE0F558235D6194B3E9DE7CD581C740
                                                                                                                                APIs
                                                                                                                                  • Part of subcall function 00007FFE01392900: GetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,00007FFE013F2861), ref: 00007FFE0139290A
                                                                                                                                  • Part of subcall function 00007FFE01392900: SetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,00007FFE013F2861), ref: 00007FFE01392950
                                                                                                                                • GetPrimaryLen.LIBCMT ref: 00007FFE013EF4CC
                                                                                                                                • EnumSystemLocalesW.API-MS-WIN-CORE-LOCALIZATION-L1-2-0(?,?,00000002,00007FFE013EFB72,?,?,?,00000000,?,00000092,?,?,?,00007FFE013D2084), ref: 00007FFE013EF4E4
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000001.00000002.2936598900.00007FFE01381000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FFE01380000, based on PE: true
                                                                                                                                • Associated: 00000001.00000002.2936583511.00007FFE01380000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                • Associated: 00000001.00000002.2936654293.00007FFE01435000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                • Associated: 00000001.00000002.2936681696.00007FFE0146F000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                • Associated: 00000001.00000002.2936696034.00007FFE01472000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_1_2_7ffe01380000_3OQL58yflv.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: ErrorLast$EnumLocalesPrimarySystem
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 1794546269-0
                                                                                                                                • Opcode ID: 9715aa00748507d3cb7bd37f9afbfb145119054f98251216db61c65602e6372e
                                                                                                                                • Instruction ID: 980d7ad53ee18c60c127228102f449002b832007b1ffe7bc4746292c700cb6b7
                                                                                                                                • Opcode Fuzzy Hash: 9715aa00748507d3cb7bd37f9afbfb145119054f98251216db61c65602e6372e
                                                                                                                                • Instruction Fuzzy Hash: 98F0C8A3A0C78182FB014F25D44037976D5DBA07A4F168331D62C4B2F9DEBC94918B00
                                                                                                                                APIs
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000001.00000002.2937962236.00007FFE11511000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFE11510000, based on PE: true
                                                                                                                                • Associated: 00000001.00000002.2937944561.00007FFE11510000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                • Associated: 00000001.00000002.2937979185.00007FFE11519000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                • Associated: 00000001.00000002.2938006495.00007FFE11521000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                • Associated: 00000001.00000002.2938023263.00007FFE11523000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_1_2_7ffe11510000_3OQL58yflv.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: memsetrecvfrom
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 3853191257-0
                                                                                                                                • Opcode ID: 1c1bb35f1ba1ca9bc52f53e3dda2dfb8550f660c07735227e8050b977bbad510
                                                                                                                                • Instruction ID: 9888e748f31b6c05f7cdaffc4aef22ce5bf7f98f86b32d8c9c2cb44ff263d6a0
                                                                                                                                • Opcode Fuzzy Hash: 1c1bb35f1ba1ca9bc52f53e3dda2dfb8550f660c07735227e8050b977bbad510
                                                                                                                                • Instruction Fuzzy Hash: EDF01DB6A14F8582DB208F66E04016973B5F748FE8B648221DF6C477B8DF38C490C740
                                                                                                                                APIs
                                                                                                                                  • Part of subcall function 00007FFE01392900: GetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,00007FFE013F2861), ref: 00007FFE0139290A
                                                                                                                                  • Part of subcall function 00007FFE01392900: SetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,00007FFE013F2861), ref: 00007FFE01392950
                                                                                                                                • EnumSystemLocalesW.API-MS-WIN-CORE-LOCALIZATION-L1-2-0(?,?,00000002,00007FFE013EFC17,?,?,?,00000000,?,00000092,?,?,?,00007FFE013D2084), ref: 00007FFE013EF3B3
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000001.00000002.2936598900.00007FFE01381000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FFE01380000, based on PE: true
                                                                                                                                • Associated: 00000001.00000002.2936583511.00007FFE01380000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                • Associated: 00000001.00000002.2936654293.00007FFE01435000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                • Associated: 00000001.00000002.2936681696.00007FFE0146F000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                • Associated: 00000001.00000002.2936696034.00007FFE01472000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_1_2_7ffe01380000_3OQL58yflv.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: ErrorLast$EnumLocalesSystem
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 2417226690-0
                                                                                                                                • Opcode ID: 42fa82f3de2ab80ec0cd7c09b23062035a529d418322d0db4325bc66b7f1d5e7
                                                                                                                                • Instruction ID: aba8bcff1c89b1203eb6785a29f2002911645ed3c4d899dacec0b388438b3379
                                                                                                                                • Opcode Fuzzy Hash: 42fa82f3de2ab80ec0cd7c09b23062035a529d418322d0db4325bc66b7f1d5e7
                                                                                                                                • Instruction Fuzzy Hash: 51F08962B0878541DB105F75E5403A9B7E5EB94BB4F558231D678873F5CEBCC490C300
                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000001.00000002.2936598900.00007FFE01381000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FFE01380000, based on PE: true
                                                                                                                                • Associated: 00000001.00000002.2936583511.00007FFE01380000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                • Associated: 00000001.00000002.2936654293.00007FFE01435000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                • Associated: 00000001.00000002.2936681696.00007FFE0146F000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                • Associated: 00000001.00000002.2936696034.00007FFE01472000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_1_2_7ffe01380000_3OQL58yflv.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: Name::operator+Name::operator+=$Decorator::getName$Name::Name::operator=$Name::doPchar$DimensionSigned$DataDecoratedEncodingStringSymbolType
                                                                                                                                • String ID: `anonymous namespace'$`string'$operator
                                                                                                                                • API String ID: 2020783597-815891235
                                                                                                                                • Opcode ID: d2ab21432e8f2a8809b115bdb0fd4948e43d635353f358b1e98a5d3f26d501a5
                                                                                                                                • Instruction ID: bcd7a0b2adf78ba6b7ba62fb01e87de04de797cb0f5a6645c56d5ff056a9b0aa
                                                                                                                                • Opcode Fuzzy Hash: d2ab21432e8f2a8809b115bdb0fd4948e43d635353f358b1e98a5d3f26d501a5
                                                                                                                                • Instruction Fuzzy Hash: CC228D62F19A6688FB14DB60D8902FD27B2BB15788F564032DA0E5F6BADF2CF545C300
                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000001.00000002.2936598900.00007FFE01381000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FFE01380000, based on PE: true
                                                                                                                                • Associated: 00000001.00000002.2936583511.00007FFE01380000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                • Associated: 00000001.00000002.2936654293.00007FFE01435000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                • Associated: 00000001.00000002.2936681696.00007FFE0146F000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                • Associated: 00000001.00000002.2936696034.00007FFE01472000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_1_2_7ffe01380000_3OQL58yflv.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: Name::operator=$Name::operator+Name::operator+=$Decorator::getNameName::Type$DataName::doPchar
                                                                                                                                • String ID: volatile$<unknown>$UNKNOWN$__int128$__int16$__int32$__int64$__int8$__w64 $bool$char$char16_t$char32_t$const$double$float$int$long$long $short$signed $unsigned $void$volatile$wchar_t
                                                                                                                                • API String ID: 1480303775-3737837666
                                                                                                                                • Opcode ID: 98600e0f02437c323d5596bfd4853c04388376c0f65e739e1899551412cd3cea
                                                                                                                                • Instruction ID: 849f06fdc58731df39017ff29cf77ec3364ceebe3df0934b21bb9605ad1084db
                                                                                                                                • Opcode Fuzzy Hash: 98600e0f02437c323d5596bfd4853c04388376c0f65e739e1899551412cd3cea
                                                                                                                                • Instruction Fuzzy Hash: E3D159A2E19A5395FB20DB94E8802BC73B2BF14394F928532DA0D9E6B5DF3CE544D300
                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000001.00000002.2938193676.00007FFE11EA1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFE11EA0000, based on PE: true
                                                                                                                                • Associated: 00000001.00000002.2938178726.00007FFE11EA0000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                • Associated: 00000001.00000002.2938214377.00007FFE11EB8000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                • Associated: 00000001.00000002.2938214377.00007FFE11EBC000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                • Associated: 00000001.00000002.2938247018.00007FFE11EC4000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                • Associated: 00000001.00000002.2938262044.00007FFE11EC5000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_1_2_7ffe11ea0000_3OQL58yflv.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: Module_$Constant$FromType$LongModuleSpecType_$Err_ExceptionLong_ObjectStateTuple_With
                                                                                                                                • String ID: CHECK_CRC32$CHECK_CRC64$CHECK_ID_MAX$CHECK_NONE$CHECK_SHA256$CHECK_UNKNOWN$Call to liblzma failed.$FILTER_ARM$FILTER_ARMTHUMB$FILTER_DELTA$FILTER_IA64$FILTER_LZMA1$FILTER_LZMA2$FILTER_POWERPC$FILTER_SPARC$FILTER_X86$FORMAT_ALONE$FORMAT_AUTO$FORMAT_RAW$FORMAT_XZ$MF_BT2$MF_BT3$MF_BT4$MF_HC3$MF_HC4$MODE_FAST$MODE_NORMAL$PRESET_DEFAULT$PRESET_EXTREME$_lzma.LZMAError
                                                                                                                                • API String ID: 2322464913-730042774
                                                                                                                                • Opcode ID: 8b66aa539901c0725c843410b367eb272ac3cb6589d1954789954729d8d46d13
                                                                                                                                • Instruction ID: f2973c6a710d3634e7494f2cf6b3ed82124420baae19a77458fd07da80135695
                                                                                                                                • Opcode Fuzzy Hash: 8b66aa539901c0725c843410b367eb272ac3cb6589d1954789954729d8d46d13
                                                                                                                                • Instruction Fuzzy Hash: F8A18E20B08E1355E724ABA3ED416B7225DBF44BE0F4892B2CE5D86675DE2DF409C718
                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000001.00000002.2936598900.00007FFE01381000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FFE01380000, based on PE: true
                                                                                                                                • Associated: 00000001.00000002.2936583511.00007FFE01380000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                • Associated: 00000001.00000002.2936654293.00007FFE01435000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                • Associated: 00000001.00000002.2936681696.00007FFE0146F000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                • Associated: 00000001.00000002.2936696034.00007FFE01472000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_1_2_7ffe01380000_3OQL58yflv.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: Decorator::get$Name::operator+=$DimensionSigned$Name$Name::operator+$DecoratedName::$DataName::doName::getPcharStringType
                                                                                                                                • String ID: NULL$`generic-class-parameter-$`generic-method-parameter-$`template-type-parameter-
                                                                                                                                • API String ID: 283215372-4167119577
                                                                                                                                • Opcode ID: 206bb17a35856a5c12e7a0737586105bcbeb8d34386c92626a515356f002b652
                                                                                                                                • Instruction ID: 2172128197456141c4b7be8956d91bae9c7d7b4b676f87a1acddc58bc5070c4f
                                                                                                                                • Opcode Fuzzy Hash: 206bb17a35856a5c12e7a0737586105bcbeb8d34386c92626a515356f002b652
                                                                                                                                • Instruction Fuzzy Hash: 06B15BA2F0C64388FB109B64D4562FC2762AF45788F964036DA0D1BBB6DF7CE54AD740
                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000001.00000002.2938850050.00007FFE1A451000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE1A450000, based on PE: true
                                                                                                                                • Associated: 00000001.00000002.2938833625.00007FFE1A450000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                • Associated: 00000001.00000002.2938872035.00007FFE1A463000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                • Associated: 00000001.00000002.2938888895.00007FFE1A468000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                • Associated: 00000001.00000002.2938904937.00007FFE1A469000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_1_2_7ffe1a450000_3OQL58yflv.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: Name::operator+
                                                                                                                                • String ID: volatile$<unknown>$UNKNOWN$__int128$__int16$__int32$__int64$__int8$__w64 $auto$bool$char$char16_t$char32_t$char8_t$const$decltype(auto)$double$float$int$long$long $short$signed $this $unsigned $void$volatile$wchar_t
                                                                                                                                • API String ID: 2943138195-1482988683
                                                                                                                                • Opcode ID: 9af3000e46094686c92b09a1ab6ba282d3ea35f814097fcec630d6e6c72122d6
                                                                                                                                • Instruction ID: 5c88346a1f5f333869e985466dc0456801a4d5599bf480a8075749a0f3c82d9e
                                                                                                                                • Opcode Fuzzy Hash: 9af3000e46094686c92b09a1ab6ba282d3ea35f814097fcec630d6e6c72122d6
                                                                                                                                • Instruction Fuzzy Hash: 810262B6F18E1288FB14AB66D9501FC27B1BB06B64F5441F7CA0D93ABADF2C9564C340
                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000001.00000002.2937962236.00007FFE11511000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFE11510000, based on PE: true
                                                                                                                                • Associated: 00000001.00000002.2937944561.00007FFE11510000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                • Associated: 00000001.00000002.2937979185.00007FFE11519000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                • Associated: 00000001.00000002.2938006495.00007FFE11521000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                • Associated: 00000001.00000002.2938023263.00007FFE11523000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_1_2_7ffe11510000_3OQL58yflv.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: Err_Format$Deallochtons
                                                                                                                                • String ID: %s(): AF_HYPERV address must be tuple, not %.500s$%s(): AF_HYPERV address service_id is not a valid UUID string$%s(): AF_HYPERV address vm_id is not a valid UUID string$%s(): AF_INET address must be tuple, not %.500s$%s(): AF_INET6 address must be tuple, not %.500s$%s(): bad family$%s(): flowinfo must be 0-1048575.$%s(): port must be 0-65535.$%s(): unknown Bluetooth protocol$%s(): unsupported AF_HYPERV protocol: %d$%s(): wrong format$O&i;AF_INET address must be a pair (host, port)$O&i|II;AF_INET6 address must be a tuple (host, port[, flowinfo[, scopeid]])$UU;AF_HYPERV address must be a str tuple (vm_id, service_id)
                                                                                                                                • API String ID: 2819711985-3631354148
                                                                                                                                • Opcode ID: 8e1881915d7ad1258f229862a5d769ac2d285f5d72e59abb1b34cb8f05b7e779
                                                                                                                                • Instruction ID: 426b544f9bc36422fbe29a7673ee7835e8ad4757915f90736cb3d3277813310a
                                                                                                                                • Opcode Fuzzy Hash: 8e1881915d7ad1258f229862a5d769ac2d285f5d72e59abb1b34cb8f05b7e779
                                                                                                                                • Instruction Fuzzy Hash: F2C13B72A08F4296EB12CF66D8541B937BAFB44BA8F405172DA4D476B4EF3CE545C301
                                                                                                                                APIs
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000001.00000002.2936598900.00007FFE01381000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FFE01380000, based on PE: true
                                                                                                                                • Associated: 00000001.00000002.2936583511.00007FFE01380000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                • Associated: 00000001.00000002.2936654293.00007FFE01435000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                • Associated: 00000001.00000002.2936681696.00007FFE0146F000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                • Associated: 00000001.00000002.2936696034.00007FFE01472000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_1_2_7ffe01380000_3OQL58yflv.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: Name::operator+$Decorator::get$DataIndirectNameName::Name::doName::operator+=PcharScopeType
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 3173522582-0
                                                                                                                                • Opcode ID: 02306cc864f4b2e9e10b5f856ee9659bc945c0b58451fc261a502ca0a1775c45
                                                                                                                                • Instruction ID: 1fc0576e57f450e72c2b118c921e8002a3e826a2a025ccab5037427d65d7cc78
                                                                                                                                • Opcode Fuzzy Hash: 02306cc864f4b2e9e10b5f856ee9659bc945c0b58451fc261a502ca0a1775c45
                                                                                                                                • Instruction Fuzzy Hash: 26F15976B08A829AEB11DF64E4901ED37B1FB04788B458036EA4D5BBAADF3CD519C740
                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000001.00000002.2937962236.00007FFE11511000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFE11510000, based on PE: true
                                                                                                                                • Associated: 00000001.00000002.2937944561.00007FFE11510000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                • Associated: 00000001.00000002.2937979185.00007FFE11519000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                • Associated: 00000001.00000002.2938006495.00007FFE11521000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                • Associated: 00000001.00000002.2938023263.00007FFE11523000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_1_2_7ffe11510000_3OQL58yflv.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: Err_Eval_Thread$AuditLongRestoreSaveSocketSys_$ErrorFormatFromHandleInformationLastLong_ModuleOccurredStringType_Windowsclosesocketgetsocknamegetsockoptmemset
                                                                                                                                • String ID: Oiii$negative file descriptor$socket descriptor string has wrong size, should be %zu bytes.$socket.__new__
                                                                                                                                • API String ID: 3363282672-2881308447
                                                                                                                                • Opcode ID: 04267ebc9d147e07de267a693846aa419f582f40a8f4303f6ede1e2826baac7f
                                                                                                                                • Instruction ID: d556367262900d4fa9a952ed718c5e1d2e3a1b9b107c3e29e13bda39948ae3d9
                                                                                                                                • Opcode Fuzzy Hash: 04267ebc9d147e07de267a693846aa419f582f40a8f4303f6ede1e2826baac7f
                                                                                                                                • Instruction Fuzzy Hash: 3FB1A262E18E8182E7218F2AD8042B97365FB99BB8F045375DE5E136B1EF7CE585C700
                                                                                                                                APIs
                                                                                                                                • _PyTime_FromSecondsObject.PYTHON312(?,?,?,00007FFDFB761B70,?,?,00007FFE133021E3), ref: 00007FFE13302252
                                                                                                                                • PyErr_ExceptionMatches.PYTHON312(?,?,?,00007FFDFB761B70,?,?,00007FFE133021E3), ref: 00007FFE13302266
                                                                                                                                • PyErr_SetString.PYTHON312(?,?,?,00007FFDFB761B70,?,?,00007FFE133021E3), ref: 00007FFE133022B2
                                                                                                                                  • Part of subcall function 00007FFE13302568: PySequence_Fast.PYTHON312(00007FFDFB761B70,?,?,00007FFE133021E3), ref: 00007FFE13302590
                                                                                                                                • _PyDeadline_Init.PYTHON312(?,?,?,00007FFDFB761B70,?,?,00007FFE133021E3), ref: 00007FFE1330236D
                                                                                                                                • PyEval_SaveThread.PYTHON312(?,?,?,00007FFDFB761B70,?,?,00007FFE133021E3), ref: 00007FFE133023A7
                                                                                                                                • _errno.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,00007FFDFB761B70,?,?,00007FFE133021E3), ref: 00007FFE133023B0
                                                                                                                                • select.WS2_32(?,?,?,00007FFDFB761B70,?,?,00007FFE133021E3), ref: 00007FFE133023C9
                                                                                                                                • PyEval_RestoreThread.PYTHON312(?,?,?,00007FFDFB761B70,?,?,00007FFE133021E3), ref: 00007FFE133023D5
                                                                                                                                • _errno.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,00007FFDFB761B70,?,?,00007FFE133021E3), ref: 00007FFE133023DB
                                                                                                                                • PyErr_CheckSignals.PYTHON312(?,?,?,00007FFDFB761B70,?,?,00007FFE133021E3), ref: 00007FFE133023EA
                                                                                                                                • _PyDeadline_Get.PYTHON312(?,?,?,00007FFDFB761B70,?,?,00007FFE133021E3), ref: 00007FFE13302407
                                                                                                                                • _PyTime_AsTimeval_clamp.PYTHON312(?,?,?,00007FFDFB761B70,?,?,00007FFE133021E3), ref: 00007FFE13302425
                                                                                                                                • PyErr_Occurred.PYTHON312(?,?,?,00007FFDFB761B70,?,?,00007FFE133021E3), ref: 00007FFE13302480
                                                                                                                                • PyTuple_Pack.PYTHON312(?,?,?,00007FFDFB761B70,?,?,00007FFE133021E3), ref: 00007FFE13302497
                                                                                                                                • _Py_Dealloc.PYTHON312(?,?,?,00007FFDFB761B70,?,?,00007FFE133021E3), ref: 00007FFE133024B4
                                                                                                                                • _Py_Dealloc.PYTHON312(?,?,?,00007FFDFB761B70,?,?,00007FFE133021E3), ref: 00007FFE133024CD
                                                                                                                                • _Py_Dealloc.PYTHON312(?,?,?,00007FFDFB761B70,?,?,00007FFE133021E3), ref: 00007FFE133024E6
                                                                                                                                • WSAGetLastError.WS2_32(?,?,?,00007FFDFB761B70,?,?,00007FFE133021E3), ref: 00007FFE1330254C
                                                                                                                                • PyErr_SetExcFromWindowsErr.PYTHON312(?,?,?,00007FFDFB761B70,?,?,00007FFE133021E3), ref: 00007FFE1330255E
                                                                                                                                  • Part of subcall function 00007FFE13302568: PyObject_AsFileDescriptor.PYTHON312(?,?,00007FFE133021E3), ref: 00007FFE13302602
                                                                                                                                  • Part of subcall function 00007FFE13302568: PyErr_SetString.PYTHON312(?,?,00007FFE133021E3), ref: 00007FFE13302688
                                                                                                                                  • Part of subcall function 00007FFE13302568: _Py_Dealloc.PYTHON312(?,?,00007FFE133021E3), ref: 00007FFE1330269C
                                                                                                                                  • Part of subcall function 00007FFE13302568: _Py_Dealloc.PYTHON312(?,?,00007FFE133021E3), ref: 00007FFE133026B0
                                                                                                                                  • Part of subcall function 00007FFE13302568: _Py_Dealloc.PYTHON312(?,?,00007FFE133021E3), ref: 00007FFE133026CB
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000001.00000002.2938594897.00007FFE13301000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FFE13300000, based on PE: true
                                                                                                                                • Associated: 00000001.00000002.2938578259.00007FFE13300000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000001.00000002.2938612939.00007FFE13303000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000001.00000002.2938629391.00007FFE13305000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000001.00000002.2938646123.00007FFE13306000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_1_2_7ffe13300000_3OQL58yflv.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: DeallocErr_$Deadline_Eval_FromStringThreadTime__errno$CheckDescriptorErrorExceptionFastFileInitLastMatchesObjectObject_OccurredPackRestoreSaveSecondsSequence_SignalsTimeval_clampTuple_Windowsselect
                                                                                                                                • String ID: timeout must be a float or None$timeout must be non-negative
                                                                                                                                • API String ID: 1581318368-2150404077
                                                                                                                                • Opcode ID: 7d38a3b17ebf55bf49675b82177c9a06bc5c3781fec886ab968ba646aff31ed1
                                                                                                                                • Instruction ID: 065c4f3ec4e4ea3d23fe05677bb236957c9b51de219979240fb327d50240b1cb
                                                                                                                                • Opcode Fuzzy Hash: 7d38a3b17ebf55bf49675b82177c9a06bc5c3781fec886ab968ba646aff31ed1
                                                                                                                                • Instruction Fuzzy Hash: A2916031A08E8389EB249F22D8442BE63A4FF64BB4F404171DA6DA7AB8DF3CD545C704
                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000001.00000002.2938850050.00007FFE1A451000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE1A450000, based on PE: true
                                                                                                                                • Associated: 00000001.00000002.2938833625.00007FFE1A450000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                • Associated: 00000001.00000002.2938872035.00007FFE1A463000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                • Associated: 00000001.00000002.2938888895.00007FFE1A468000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                • Associated: 00000001.00000002.2938904937.00007FFE1A469000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_1_2_7ffe1a450000_3OQL58yflv.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: Name::operator+$Replicator::operator[]
                                                                                                                                • String ID: `anonymous namespace'
                                                                                                                                • API String ID: 3863519203-3062148218
                                                                                                                                • Opcode ID: c2c563be3abc2cd025459880134dd91d33137c93c5547e13454a58e5101b2a40
                                                                                                                                • Instruction ID: b0aecc6a5b2ee625eb65b6c04eb6cd1c2b65b4eb29808fc0c3c241776bc2e4aa
                                                                                                                                • Opcode Fuzzy Hash: c2c563be3abc2cd025459880134dd91d33137c93c5547e13454a58e5101b2a40
                                                                                                                                • Instruction Fuzzy Hash: A2E16DB2B08F8299EB10EF26D8801BD77A0FB45B58F4081B6EA8D17B65DF38D565C700
                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000001.00000002.2938193676.00007FFE11EA1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFE11EA0000, based on PE: true
                                                                                                                                • Associated: 00000001.00000002.2938178726.00007FFE11EA0000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                • Associated: 00000001.00000002.2938214377.00007FFE11EB8000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                • Associated: 00000001.00000002.2938214377.00007FFE11EBC000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                • Associated: 00000001.00000002.2938247018.00007FFE11EC4000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                • Associated: 00000001.00000002.2938262044.00007FFE11EC5000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_1_2_7ffe11ea0000_3OQL58yflv.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: Dealloc$Err_LongString$Bytes_FromLong_ModuleOccurredSizeStateThread_allocate_lockType_Unsigned
                                                                                                                                • String ID: Cannot specify filters except with FORMAT_RAW$Cannot specify memory limit with FORMAT_RAW$Invalid container format: %d$Must specify filters for FORMAT_RAW$Unable to allocate lock
                                                                                                                                Similarity
                                                                                                                                • API ID: Err_$LongMem_String$Arg_CallocClearDeallocExceptionFreeItemKeywords_Long_Mapping_MatchesOccurredParseSizeTupleUnsigned
                                                                                                                                • String ID: Invalid compression preset: %u$Invalid filter specifier for LZMA filter$preset$|OOO&O&O&O&O&O&O&O&
                                                                                                                                Similarity
                                                                                                                                • API ID: Buffer_Release$Err_$String$From$Arg_ErrnoFormatParseSizeTuple_Unicode_inet_ntop
                                                                                                                                • String ID: invalid length of packed IP address string$iy*:inet_ntop$unknown address family %d
                                                                                                                                Similarity
                                                                                                                                • API ID: Decorator::getNameReplicator::operator+=Template
                                                                                                                                • String ID: generic-type-$template-parameter-
                                                                                                                                Similarity
                                                                                                                                • API ID: ErrorLast$Eval_Thread$Err_$CheckDeadline_RestoreSaveSignals$InitStringTime_Timeval_clampselect
                                                                                                                                • String ID: timed out
                                                                                                                                Similarity
                                                                                                                                • API ID: Arg_Err_ParseSizeTuple_$Buffer_ClearReleasesetsockopt$Format
                                                                                                                                • String ID: iiO!I:setsockopt$iii:setsockopt$iiy*:setsockopt$socket option is larger than %i bytes
                                                                                                                                Similarity
                                                                                                                                • API ID: From$AuditCharComputerErr_ErrorLastNameSys_Unicode_WideWindows
                                                                                                                                • String ID: socket.gethostname
                                                                                                                                Similarity
                                                                                                                                • API ID: Dealloc$FreeTable$Err_FromList_Windows$AppendBuildConvertInterfaceLuidNameSizeTable2Value_memcpy
                                                                                                                                Similarity
                                                                                                                                • API ID: NameName::$Name::operator+atolswprintf_s
                                                                                                                                • String ID: NULL$`generic-class-parameter-$`generic-method-parameter-$`template-type-parameter-$lambda$nullptr
                                                                                                                                Similarity
                                                                                                                                • API ID: DloadSection$AccessExceptionProtectRaiseReleaseWrite$ErrorLastLibraryLoad
                                                                                                                                • String ID: H
                                                                                                                                • API String ID: 3432403771-2852464175
                                                                                                                                • Opcode ID: 0e071de0604d183fb0644e7ce77b347e1e2f363c91ec37c3347462e594843c1b
                                                                                                                                • Instruction ID: 26971ccebfa14ccaa8eab468a57a9ac30178ef6ab99c672eb68b654152bd082c
                                                                                                                                • Opcode Fuzzy Hash: 0e071de0604d183fb0644e7ce77b347e1e2f363c91ec37c3347462e594843c1b
                                                                                                                                • Instruction Fuzzy Hash: AA914B32A15F128AEB05CF66D8406A833F2FB28768F8545B5DE0D27B65EF78E445C300
                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000001.00000002.2938193676.00007FFE11EA1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFE11EA0000, based on PE: true
                                                                                                                                • Associated: 00000001.00000002.2938178726.00007FFE11EA0000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                • Associated: 00000001.00000002.2938214377.00007FFE11EB8000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                • Associated: 00000001.00000002.2938214377.00007FFE11EBC000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                • Associated: 00000001.00000002.2938247018.00007FFE11EC4000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                • Associated: 00000001.00000002.2938262044.00007FFE11EC5000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_1_2_7ffe11ea0000_3OQL58yflv.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: Arg_Buffer_$ArgumentBufferContiguousErr_IndexKeywordsLong_Number_Object_OccurredReleaseSsize_tUnpackmemset
                                                                                                                                • String ID: argument 'data'$contiguous buffer$decompress
                                                                                                                                • API String ID: 883004049-2667845042
                                                                                                                                • Opcode ID: a0ceb6e80e3e7280ac3f19f8773f4dcbf3ce71477609682742b3c7844e3c9f11
                                                                                                                                • Instruction ID: 5bc95c2f0d3a77b0c959c083f4d5fea606ed0adc7e73a68753030e638c12f784
                                                                                                                                • Opcode Fuzzy Hash: a0ceb6e80e3e7280ac3f19f8773f4dcbf3ce71477609682742b3c7844e3c9f11
                                                                                                                                • Instruction Fuzzy Hash: 8F416D31A49F4286EB108B93EC84A7A63A8FB59BA1F444172DE5D137B4EF3CE545C700
                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000001.00000002.2937962236.00007FFE11511000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFE11510000, based on PE: true
                                                                                                                                • Associated: 00000001.00000002.2937944561.00007FFE11510000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                • Associated: 00000001.00000002.2937979185.00007FFE11519000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                • Associated: 00000001.00000002.2938006495.00007FFE11521000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                • Associated: 00000001.00000002.2938023263.00007FFE11523000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_1_2_7ffe11510000_3OQL58yflv.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: Arg_ParseSizeTuple_$Ioctl$Err_FormatFromLongLong_Unsigned
                                                                                                                                • String ID: invalid ioctl command %lu$k(kkk):ioctl$kI:ioctl$kO:ioctl
                                                                                                                                • API String ID: 1148432870-4238462244
                                                                                                                                • Opcode ID: 281e550bce6c78bd7668c016f160d04607797c634319134c59071ece2302defe
                                                                                                                                • Instruction ID: 53ab78e10ef595d6903633784c73c93a85c51f50159533fd549c102319d18386
                                                                                                                                • Opcode Fuzzy Hash: 281e550bce6c78bd7668c016f160d04607797c634319134c59071ece2302defe
                                                                                                                                • Instruction Fuzzy Hash: E7519F72A28E0289E751CF66E8405ED33B9FB48768F544172EA5E93A78EF3CD544CB40
                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000001.00000002.2937962236.00007FFE11511000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFE11510000, based on PE: true
                                                                                                                                • Associated: 00000001.00000002.2937944561.00007FFE11510000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                • Associated: 00000001.00000002.2937979185.00007FFE11519000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                • Associated: 00000001.00000002.2938006495.00007FFE11521000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                • Associated: 00000001.00000002.2938023263.00007FFE11523000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_1_2_7ffe11510000_3OQL58yflv.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: Bytes_String$DeallocErr_Size
                                                                                                                                • String ID: encoding of hostname failed$host name must not contain null character$idna$str, bytes or bytearray expected, not %s
                                                                                                                                • API String ID: 2522550923-2120988924
                                                                                                                                • Opcode ID: 7e83059e8b44ae695e1944d6d4c487bf6ffb85ae8c0ab70a37bc135e2c9e2e91
                                                                                                                                • Instruction ID: ff202637f90ebee442f13f965fa6eeb45b794d3104d806cceb4f7f30ef4e9040
                                                                                                                                • Opcode Fuzzy Hash: 7e83059e8b44ae695e1944d6d4c487bf6ffb85ae8c0ab70a37bc135e2c9e2e91
                                                                                                                                • Instruction Fuzzy Hash: 59414C66A09F4281EB5A8F57E89437827AAAF45BA4F546575CA2E473B0DF3CE4D0C300
                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000001.00000002.2938193676.00007FFE11EA1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFE11EA0000, based on PE: true
                                                                                                                                • Associated: 00000001.00000002.2938178726.00007FFE11EA0000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                • Associated: 00000001.00000002.2938214377.00007FFE11EB8000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                • Associated: 00000001.00000002.2938214377.00007FFE11EBC000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                • Associated: 00000001.00000002.2938247018.00007FFE11EC4000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                • Associated: 00000001.00000002.2938262044.00007FFE11EC5000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_1_2_7ffe11ea0000_3OQL58yflv.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: DeallocErr_$Arg_FormatKeywords_ModuleParseSizeStateStringThread_allocate_lockTupleType_
                                                                                                                                • String ID: Cannot specify both preset and filter chain$Integrity checks are only supported by FORMAT_XZ$Invalid container format: %d$Unable to allocate lock$|iiOO:LZMACompressor
                                                                                                                                • API String ID: 1600877341-3984722346
                                                                                                                                • Opcode ID: 77ffa3b08e542e0f60acbba16875cd9370a5d4c1432a4bb831e8e8e7c99ccac2
                                                                                                                                • Instruction ID: f99da657192a5eddc1d7eabe3b2728623e422f765339f71fb7337e1185b59909
                                                                                                                                • Opcode Fuzzy Hash: 77ffa3b08e542e0f60acbba16875cd9370a5d4c1432a4bb831e8e8e7c99ccac2
                                                                                                                                • Instruction Fuzzy Hash: C3612832A09F1289EB109FA6EC404AA37B8FB48BA8F544573DA4D43B68DF3CE545C744
                                                                                                                                APIs
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000001.00000002.2938850050.00007FFE1A451000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE1A450000, based on PE: true
                                                                                                                                • Associated: 00000001.00000002.2938833625.00007FFE1A450000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                • Associated: 00000001.00000002.2938872035.00007FFE1A463000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                • Associated: 00000001.00000002.2938888895.00007FFE1A468000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                • Associated: 00000001.00000002.2938904937.00007FFE1A469000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_1_2_7ffe1a450000_3OQL58yflv.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: Name::operator+
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 2943138195-0
                                                                                                                                • Opcode ID: 9a3856515ab70ac0cbef49cb78169d28014df4ca819d0bec0dbbb0bc7461e156
                                                                                                                                • Instruction ID: 2e7bae8358ff074180c73b1976c0d414eba33ed367bfbf5dccadc2b75fdc8e4b
                                                                                                                                • Opcode Fuzzy Hash: 9a3856515ab70ac0cbef49cb78169d28014df4ca819d0bec0dbbb0bc7461e156
                                                                                                                                • Instruction Fuzzy Hash: 62F1AEB6B08A829EF711EF66D4501FC37B0EB04B5CB4044B3EA4D57AA9EE38D566C740
                                                                                                                                APIs
                                                                                                                                • PyMapping_Check.PYTHON312(?,?,?,00000028,00007FFE11EAFF1F,?,00000000,00007FFE11EAFE54), ref: 00007FFE11EAFFBD
                                                                                                                                • PyMapping_GetItemString.PYTHON312(?,?,?,00000028,00007FFE11EAFF1F,?,00000000,00007FFE11EAFE54), ref: 00007FFE11EAFFD7
                                                                                                                                • PyLong_AsUnsignedLongLong.PYTHON312(?,?,?,00000028,00007FFE11EAFF1F,?,00000000,00007FFE11EAFE54), ref: 00007FFE11EAFFEC
                                                                                                                                • PyErr_Occurred.PYTHON312(?,?,?,00000028,00007FFE11EAFF1F,?,00000000,00007FFE11EAFE54), ref: 00007FFE11EB0003
                                                                                                                                • PyErr_ExceptionMatches.PYTHON312(?,?,?,00000028,00007FFE11EAFF1F,?,00000000,00007FFE11EAFE54), ref: 00007FFE11EB007C
                                                                                                                                • PyErr_Format.PYTHON312(?,?,?,00000028,00007FFE11EAFF1F,?,00000000,00007FFE11EAFE54), ref: 00007FFE11EB00C5
                                                                                                                                • PyErr_SetString.PYTHON312(?,?,?,00000028,00007FFE11EAFF1F,?,00000000,00007FFE11EAFE54), ref: 00007FFE11EB00DE
                                                                                                                                • _Py_Dealloc.PYTHON312(?,?,?,00000028,00007FFE11EAFF1F,?,00000000,00007FFE11EAFE54), ref: 00007FFE11EB58C2
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000001.00000002.2938193676.00007FFE11EA1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFE11EA0000, based on PE: true
                                                                                                                                • Associated: 00000001.00000002.2938178726.00007FFE11EA0000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                • Associated: 00000001.00000002.2938214377.00007FFE11EB8000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                • Associated: 00000001.00000002.2938214377.00007FFE11EBC000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                • Associated: 00000001.00000002.2938247018.00007FFE11EC4000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                • Associated: 00000001.00000002.2938262044.00007FFE11EC5000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_1_2_7ffe11ea0000_3OQL58yflv.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: Err_$LongMapping_String$CheckDeallocExceptionFormatItemLong_MatchesOccurredUnsigned
                                                                                                                                • String ID: Filter specifier must be a dict or dict-like object$Filter specifier must have an "id" entry$Invalid filter ID: %llu
                                                                                                                                • API String ID: 1881886752-3390802605
                                                                                                                                • Opcode ID: 1fa081fbd10db4a062d822dc1773f53400f0e4c773b14382a27f01c264c0f77b
                                                                                                                                • Instruction ID: d32d9cc777639830acf133062f100862dbb71592bedffbdd1a3463a683d6b282
                                                                                                                                • Opcode Fuzzy Hash: 1fa081fbd10db4a062d822dc1773f53400f0e4c773b14382a27f01c264c0f77b
                                                                                                                                • Instruction Fuzzy Hash: 2941DE31A09E4389EB658F97AC9453B67B8BF45BA0F4444B7CA8E46770DE3CF4858309
                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000001.00000002.2938193676.00007FFE11EA1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFE11EA0000, based on PE: true
                                                                                                                                • Associated: 00000001.00000002.2938178726.00007FFE11EA0000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                • Associated: 00000001.00000002.2938214377.00007FFE11EB8000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                • Associated: 00000001.00000002.2938214377.00007FFE11EBC000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                • Associated: 00000001.00000002.2938247018.00007FFE11EC4000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                • Associated: 00000001.00000002.2938262044.00007FFE11EC5000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_1_2_7ffe11ea0000_3OQL58yflv.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: Arg_Buffer_Long$ArgumentBufferCheckContiguousErr_Long_Module_Object_OccurredPositionalReleaseStateUnsignedfreememset
                                                                                                                                • String ID: _decode_filter_properties$argument 2$contiguous buffer
                                                                                                                                • API String ID: 3656606796-2431706548
                                                                                                                                • Opcode ID: c0f874db1016260c34f7af794fc4f78e7b75be8506e7dd097bbed22573c2313e
                                                                                                                                • Instruction ID: 3f1e3445daa4bf5b3626d5275884ad89851285ac2103c9a7651753bfc75f1970
                                                                                                                                • Opcode Fuzzy Hash: c0f874db1016260c34f7af794fc4f78e7b75be8506e7dd097bbed22573c2313e
                                                                                                                                • Instruction Fuzzy Hash: 23314F21B08E46D5EB109BA3EC446AA6368FF54F94F9441B2DA4D437B4DF3CE946C704
                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000001.00000002.2938193676.00007FFE11EA1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFE11EA0000, based on PE: true
                                                                                                                                • Associated: 00000001.00000002.2938178726.00007FFE11EA0000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                • Associated: 00000001.00000002.2938214377.00007FFE11EB8000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                • Associated: 00000001.00000002.2938214377.00007FFE11EBC000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                • Associated: 00000001.00000002.2938247018.00007FFE11EC4000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                • Associated: 00000001.00000002.2938262044.00007FFE11EC5000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_1_2_7ffe11ea0000_3OQL58yflv.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: Err_$MemoryString
                                                                                                                                • String ID: Corrupt input data$Input format not supported by decoder$Insufficient buffer space$Internal error$Invalid or unsupported options$Memory usage limit exceeded$Unrecognized error from liblzma: %d$Unsupported integrity check
                                                                                                                                • API String ID: 60457842-2177155514
                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000001.00000002.2937962236.00007FFE11511000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFE11510000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_1_2_7ffe11510000_3OQL58yflv.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: Eval_Thread$Arg_AuditErr_FromLongLong_ParseRestoreSaveSizeStringSys_Tuple_getservbynamehtons
                                                                                                                                • String ID: service/proto not found$socket.getservbyname$s|s:getservbyname
                                                                                                                                • API String ID: 1135235387-1257235949
                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000001.00000002.2938850050.00007FFE1A451000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE1A450000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_1_2_7ffe1a450000_3OQL58yflv.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: BlockFrameHandler3::Unwindabortterminate$CatchExecutionHandlerIs_bad_exception_allowedSearchStatestd::bad_alloc::bad_alloc
                                                                                                                                • String ID: csm$csm$csm
                                                                                                                                • API String ID: 4223619315-393685449
                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000001.00000002.2938850050.00007FFE1A451000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE1A450000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_1_2_7ffe1a450000_3OQL58yflv.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: Replicator::operator[]
                                                                                                                                • String ID: `generic-type-$`template-parameter-$generic-type-$template-parameter-
                                                                                                                                • API String ID: 3676697650-3207858774
                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000001.00000002.2937962236.00007FFE11511000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFE11510000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_1_2_7ffe11510000_3OQL58yflv.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: Bytes_FromSizegetsockopt$Arg_DeallocLongLong_ParseResizeStringTuple_
                                                                                                                                • String ID: getsockopt buflen out of range$ii|i:getsockopt
                                                                                                                                • API String ID: 3532181676-2750947780
                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000001.00000002.2937962236.00007FFE11511000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFE11510000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_1_2_7ffe11510000_3OQL58yflv.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: Buffer_Release$Arg_Err_FromKeywords_Long_ParseSizeSsize_tStringTuple
                                                                                                                                • String ID: buffer too small for requested bytes$negative buffersize in recv_into$w*|ni:recv_into
                                                                                                                                • API String ID: 1544103690-1758107600
                                                                                                                                APIs
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000001.00000002.2937462956.00007FFE10231000.00000020.00000001.01000000.0000001B.sdmp, Offset: 00007FFE10230000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_1_2_7ffe10230000_3OQL58yflv.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: Initialize__scrt_acquire_startup_lock__scrt_dllmain_after_initialize_c__scrt_dllmain_crt_thread_attach__scrt_initialize_crt__scrt_release_startup_lock
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 349153199-0
                                                                                                                                APIs
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000001.00000002.2938193676.00007FFE11EA1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFE11EA0000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_1_2_7ffe11ea0000_3OQL58yflv.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: Initialize__scrt_acquire_startup_lock__scrt_dllmain_after_initialize_c__scrt_dllmain_crt_thread_attach__scrt_initialize_crt__scrt_release_startup_lock
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 349153199-0
                                                                                                                                APIs
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000001.00000002.2938442526.00007FFE12E11000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFE12E10000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_1_2_7ffe12e10000_3OQL58yflv.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: Initialize__scrt_acquire_startup_lock__scrt_dllmain_after_initialize_c__scrt_dllmain_crt_thread_attach__scrt_initialize_crt__scrt_release_startup_lock
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 349153199-0
                                                                                                                                APIs
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000001.00000002.2936726409.00007FFE0E141000.00000020.00000001.01000000.00000026.sdmp, Offset: 00007FFE0E140000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_1_2_7ffe0e140000_3OQL58yflv.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: Initialize__scrt_acquire_startup_lock__scrt_dllmain_after_initialize_c__scrt_dllmain_crt_thread_attach__scrt_initialize_crt__scrt_release_startup_lock
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 349153199-0
                                                                                                                                • Opcode ID: 25c34cf625cfd52ada091fdb65a0fc74a29e9636dd4e47856e36c618d7ae6fa2
                                                                                                                                • Instruction ID: e6088ff77c7022c25876cf9b6be1179ab7e633ec9e8e59787675d6053f2648a6
                                                                                                                                • Opcode Fuzzy Hash: 25c34cf625cfd52ada091fdb65a0fc74a29e9636dd4e47856e36c618d7ae6fa2
                                                                                                                                • Instruction Fuzzy Hash: 66818DE1F0A34766F750AB6694412B92691EF45B80F588437DACD877B6EF3CE8828700
                                                                                                                                APIs
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000001.00000002.2937820040.00007FFE110F1000.00000020.00000001.01000000.00000018.sdmp, Offset: 00007FFE110F0000, based on PE: true
                                                                                                                                 • Associated: 00000001.00000002.2937804998.00007FFE110F0000.00000002.00000001.01000000.00000018.sdmp
                                                                                                                                 • Associated: 00000001.00000002.2937836088.00007FFE110F2000.00000002.00000001.01000000.00000018.sdmp
                                                                                                                                 • Associated: 00000001.00000002.2937851276.00007FFE110F4000.00000002.00000001.01000000.00000018.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_1_2_7ffe110f0000_3OQL58yflv.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: Initialize__scrt_acquire_startup_lock__scrt_dllmain_after_initialize_c__scrt_dllmain_crt_thread_attach__scrt_initialize_crt__scrt_release_startup_lock
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 349153199-0
                                                                                                                                • Opcode ID: 24c3fed21fc67ae49763962a26a68a14fa9aac4efc55a0f38d91ad800b1c64bd
                                                                                                                                • Instruction ID: 283acdbc64a62c0521d5a5f43c35f7dd989c5a7e9eaf528640dd1c99276ceb48
                                                                                                                                • Opcode Fuzzy Hash: 24c3fed21fc67ae49763962a26a68a14fa9aac4efc55a0f38d91ad800b1c64bd
                                                                                                                                • Instruction Fuzzy Hash: 06817D65E0CAC347F7509B6794432FB629BAF96BA0F4840B5EA0C877B6DE3CE5458700
                                                                                                                                APIs
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000001.00000002.2938118027.00007FFE11BB1000.00000020.00000001.01000000.00000015.sdmp, Offset: 00007FFE11BB0000, based on PE: true
                                                                                                                                 • Associated: 00000001.00000002.2938101310.00007FFE11BB0000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                 • Associated: 00000001.00000002.2938133567.00007FFE11BB3000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                 • Associated: 00000001.00000002.2938149100.00007FFE11BB4000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                                 • Associated: 00000001.00000002.2938163229.00007FFE11BB5000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_1_2_7ffe11bb0000_3OQL58yflv.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: Initialize__scrt_acquire_startup_lock__scrt_dllmain_after_initialize_c__scrt_dllmain_crt_thread_attach__scrt_initialize_crt__scrt_release_startup_lock
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 349153199-0
                                                                                                                                • Opcode ID: 632739f6e53f99d3db5e33da1e5c0ad35d4cb4c9218bf9d76c45be126c9d3af3
                                                                                                                                • Instruction ID: cd921e4c4371620cd2e6b644b6f13c4df5dab567804f1508978adce64a0a8128
                                                                                                                                • Opcode Fuzzy Hash: 632739f6e53f99d3db5e33da1e5c0ad35d4cb4c9218bf9d76c45be126c9d3af3
                                                                                                                                • Instruction Fuzzy Hash: 86816961E0DE42C6F7709F67B441AB922ACBF457A0F5460B5E94D87FB6DE2CE4028608
                                                                                                                                APIs
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000001.00000002.2937760077.00007FFE11071000.00000020.00000001.01000000.00000019.sdmp, Offset: 00007FFE11070000, based on PE: true
                                                                                                                                 • Associated: 00000001.00000002.2937744877.00007FFE11070000.00000002.00000001.01000000.00000019.sdmp
                                                                                                                                 • Associated: 00000001.00000002.2937775020.00007FFE11073000.00000002.00000001.01000000.00000019.sdmp
                                                                                                                                 • Associated: 00000001.00000002.2937790415.00007FFE11075000.00000002.00000001.01000000.00000019.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_1_2_7ffe11070000_3OQL58yflv.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: Initialize__scrt_acquire_startup_lock__scrt_dllmain_after_initialize_c__scrt_dllmain_crt_thread_attach__scrt_initialize_crt__scrt_release_startup_lock
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 349153199-0
                                                                                                                                • Opcode ID: 4f5290068470706af306daab517f58543be73385f34af613a25d9ec276a3a886
                                                                                                                                • Instruction ID: dc3e7f9b584665ec1765054e3e1fde3017f3e453cf6250882cddb70b618a8463
                                                                                                                                • Opcode Fuzzy Hash: 4f5290068470706af306daab517f58543be73385f34af613a25d9ec276a3a886
                                                                                                                                • Instruction Fuzzy Hash: ED818F61E1CF4386FB50AB67A4412B962ABBF45BA0F4480B5D9CC877F6DE3CE4468700
                                                                                                                                APIs
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000001.00000002.2938594897.00007FFE13301000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FFE13300000, based on PE: true
                                                                                                                                 • Associated: 00000001.00000002.2938578259.00007FFE13300000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                 • Associated: 00000001.00000002.2938612939.00007FFE13303000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                 • Associated: 00000001.00000002.2938629391.00007FFE13305000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                 • Associated: 00000001.00000002.2938646123.00007FFE13306000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_1_2_7ffe13300000_3OQL58yflv.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: Initialize__scrt_acquire_startup_lock__scrt_dllmain_after_initialize_c__scrt_dllmain_crt_thread_attach__scrt_initialize_crt__scrt_release_startup_lock
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 349153199-0
                                                                                                                                • Opcode ID: af286a22ce1a6bda1b61a837db24d3b2e346c07a2ddf6b56baf4002088884885
                                                                                                                                • Instruction ID: cca86d115df7c5f1209c579e96ac74025f6552ff43adc20328f1f9561785276b
                                                                                                                                • Opcode Fuzzy Hash: af286a22ce1a6bda1b61a837db24d3b2e346c07a2ddf6b56baf4002088884885
                                                                                                                                • Instruction Fuzzy Hash: 9981C128E0CE038EF7549B6794412BE2294AF65BB0F1441B5EA2DB77B6DF3CE4458308
                                                                                                                                APIs
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000001.00000002.2937326239.00007FFE101D1000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFE101D0000, based on PE: true
                                                                                                                                 • Associated: 00000001.00000002.2937311108.00007FFE101D0000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                 • Associated: 00000001.00000002.2937341468.00007FFE101D3000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                 • Associated: 00000001.00000002.2937356318.00007FFE101D4000.00000004.00000001.01000000.0000001D.sdmp
                                                                                                                                 • Associated: 00000001.00000002.2937371175.00007FFE101D5000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_1_2_7ffe101d0000_3OQL58yflv.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: Initialize__scrt_acquire_startup_lock__scrt_dllmain_after_initialize_c__scrt_dllmain_crt_thread_attach__scrt_initialize_crt__scrt_release_startup_lock
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 349153199-0
                                                                                                                                • Opcode ID: 13216a91d280a0ad17bb93d9638d94c9aa7988d3a2199bea0cdda77358a17c13
                                                                                                                                • Instruction ID: 42d427f77a34bc7bd24ba71b5b6ff5b0654842b2f30b504e6267511c381d1699
                                                                                                                                • Opcode Fuzzy Hash: 13216a91d280a0ad17bb93d9638d94c9aa7988d3a2199bea0cdda77358a17c13
                                                                                                                                • Instruction Fuzzy Hash: 6681A261F0CE4366FA50AB67A4492B92290BF857A0F5881B7EBCD477B6DE3CE4458700
                                                                                                                                APIs
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000001.00000002.2936942642.00007FFE0EA71000.00000020.00000001.01000000.00000023.sdmp, Offset: 00007FFE0EA70000, based on PE: true
                                                                                                                                 • Associated: 00000001.00000002.2936928583.00007FFE0EA70000.00000002.00000001.01000000.00000023.sdmp
                                                                                                                                 • Associated: 00000001.00000002.2936956825.00007FFE0EA73000.00000002.00000001.01000000.00000023.sdmp
                                                                                                                                 • Associated: 00000001.00000002.2936970557.00007FFE0EA74000.00000004.00000001.01000000.00000023.sdmp
                                                                                                                                 • Associated: 00000001.00000002.2936984077.00007FFE0EA75000.00000002.00000001.01000000.00000023.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_1_2_7ffe0ea70000_3OQL58yflv.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: Initialize__scrt_acquire_startup_lock__scrt_dllmain_after_initialize_c__scrt_dllmain_crt_thread_attach__scrt_initialize_crt__scrt_release_startup_lock
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 349153199-0
                                                                                                                                • Opcode ID: 31d8e522e61a33cf479bf52350be3450eaa8bff41c9a3cd264d2142d6b397c0f
                                                                                                                                • Instruction ID: 28879af4d50f251d96800e7c23eeb02db633c53c60eda6c6fb4680361fa5fa6b
                                                                                                                                • Opcode Fuzzy Hash: 31d8e522e61a33cf479bf52350be3450eaa8bff41c9a3cd264d2142d6b397c0f
                                                                                                                                • Instruction Fuzzy Hash: 7E817F21E1E64386FA50EB65AC512B967F4AF6D784F444039D9CD877B6FE3CE8068700
                                                                                                                                APIs
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000001.00000002.2937962236.00007FFE11511000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFE11510000, based on PE: true
                                                                                                                                 • Associated: 00000001.00000002.2937944561.00007FFE11510000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                 • Associated: 00000001.00000002.2937979185.00007FFE11519000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                 • Associated: 00000001.00000002.2938006495.00007FFE11521000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                 • Associated: 00000001.00000002.2938023263.00007FFE11523000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_1_2_7ffe11510000_3OQL58yflv.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: Initialize__scrt_acquire_startup_lock__scrt_dllmain_after_initialize_c__scrt_dllmain_crt_thread_attach__scrt_initialize_crt__scrt_release_startup_lock
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 349153199-0
                                                                                                                                • Opcode ID: f483b21f41d815f6d6d63f0a13c87fd0f68ae68320ff496c1413c579ba159f5c
                                                                                                                                • Instruction ID: 2a209f774a4a3116ed57907d034c2c01580f23a333c9f98c48bb877cc81ad1d4
                                                                                                                                • Opcode Fuzzy Hash: f483b21f41d815f6d6d63f0a13c87fd0f68ae68320ff496c1413c579ba159f5c
                                                                                                                                • Instruction Fuzzy Hash: A081D5A1E0CE4386FB52AB6794912B922DAAF857F0F6440B5DA0C473B7DF7CE8418700
                                                                                                                                APIs
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000001.00000002.2938850050.00007FFE1A451000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE1A450000, based on PE: true
                                                                                                                                 • Associated: 00000001.00000002.2938833625.00007FFE1A450000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                 • Associated: 00000001.00000002.2938872035.00007FFE1A463000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                 • Associated: 00000001.00000002.2938888895.00007FFE1A468000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                 • Associated: 00000001.00000002.2938904937.00007FFE1A469000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_1_2_7ffe1a450000_3OQL58yflv.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: Name::operator+
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 2943138195-0
                                                                                                                                • Opcode ID: 3cac31fbce2037cca8b65a6457a1f6e1f72e09754060cc87a73fdfbcf94b07ef
                                                                                                                                • Instruction ID: 6fb72a7b33907f36b10538f7b77f9c94779bffe61cc6cabd7b9bce20e22d6a9b
                                                                                                                                • Opcode Fuzzy Hash: 3cac31fbce2037cca8b65a6457a1f6e1f72e09754060cc87a73fdfbcf94b07ef
                                                                                                                                • Instruction Fuzzy Hash: 797140B2B05E46ADFB11EF62D4501FC33B1AB45B9CB4048B2DA0D57AAADF34D625C390
                                                                                                                                APIs
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000001.00000002.2938193676.00007FFE11EA1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFE11EA0000, based on PE: true
                                                                                                                                 • Associated: 00000001.00000002.2938178726.00007FFE11EA0000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                 • Associated: 00000001.00000002.2938214377.00007FFE11EB8000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                 • Associated: 00000001.00000002.2938214377.00007FFE11EBC000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                 • Associated: 00000001.00000002.2938247018.00007FFE11EC4000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                 • Associated: 00000001.00000002.2938262044.00007FFE11EC5000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_1_2_7ffe11ea0000_3OQL58yflv.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: Mem_$Eval_Threadmemcpy$Bytes_DeallocFreeFromMallocModuleReallocRestoreSaveSizeStateStringType_memmove
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 2023644590-0
                                                                                                                                • Opcode ID: 25f5dba4c9a95c35a1ad65d81cd23aba52be5f89df8b18e19c4da219301fcce9
                                                                                                                                • Instruction ID: 0b52e7b1c042007c74ba6bfc13537d482333465c4a958c1e489eedbdf60a48d7
                                                                                                                                • Opcode Fuzzy Hash: 25f5dba4c9a95c35a1ad65d81cd23aba52be5f89df8b18e19c4da219301fcce9
                                                                                                                                • Instruction Fuzzy Hash: C6516B22E4AE4285EB51CFA2AD4423A63ADFF14FA4F144076DE4E17768DF3DE4918344
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000001.00000002.2938118027.00007FFE11BB1000.00000020.00000001.01000000.00000015.sdmp, Offset: 00007FFE11BB0000, based on PE: true
                                                                                                                                 • Associated: 00000001.00000002.2938101310.00007FFE11BB0000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                 • Associated: 00000001.00000002.2938133567.00007FFE11BB3000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                 • Associated: 00000001.00000002.2938149100.00007FFE11BB4000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                                 • Associated: 00000001.00000002.2938163229.00007FFE11BB5000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_1_2_7ffe11bb0000_3OQL58yflv.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: _wassertmemcpy$memmove
                                                                                                                                • String ID: (direction == DirEncrypt) || (direction == DirDecrypt)$cfbState->usedKeyStream <= segment_len$src/raw_cfb.c$src/raw_cfb.c
                                                                                                                                • API String ID: 710767724-3209691050
                                                                                                                                • Opcode ID: b649bd0a1d546711c851ea8078f7825d9fd1ee49c3c19a2c630744d5683e58bf
                                                                                                                                • Instruction ID: cb32e8448dcffed200b600cff567d0af5c6e30667e78a33ee559865c6fdf975a
                                                                                                                                • Opcode Fuzzy Hash: b649bd0a1d546711c851ea8078f7825d9fd1ee49c3c19a2c630744d5683e58bf
                                                                                                                                • Instruction Fuzzy Hash: DE610E72A19F81C6E7218F26E400A686B64FB94BE4F0096B1DE8D13F69DF3CE551C304
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000001.00000002.2938850050.00007FFE1A451000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE1A450000, based on PE: true
                                                                                                                                 • Associated: 00000001.00000002.2938833625.00007FFE1A450000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                 • Associated: 00000001.00000002.2938872035.00007FFE1A463000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                 • Associated: 00000001.00000002.2938888895.00007FFE1A468000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                 • Associated: 00000001.00000002.2938904937.00007FFE1A469000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_1_2_7ffe1a450000_3OQL58yflv.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: Name::operator+
                                                                                                                                • String ID: `unknown ecsu'$class $coclass $cointerface $enum $struct $union
                                                                                                                                • API String ID: 2943138195-1464470183
                                                                                                                                • Opcode ID: 50e8110e92645124a6d82ffc9330fdaa6dc52167fa44e73d911cd3f80f86a47a
                                                                                                                                • Instruction ID: 6fc5acf3494eeb3f8701cc411fabb80c64b441b178f4a56e7a5f9de271fbf314
                                                                                                                                • Opcode Fuzzy Hash: 50e8110e92645124a6d82ffc9330fdaa6dc52167fa44e73d911cd3f80f86a47a
                                                                                                                                • Instruction Fuzzy Hash: 89518CB2F08F52C9FB11EB66E8841BC27B1BB05B64F5040F6DA5D13AA9DF28E564C340
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000001.00000002.2937962236.00007FFE11511000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFE11510000, based on PE: true
                                                                                                                                 • Associated: 00000001.00000002.2937944561.00007FFE11510000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                 • Associated: 00000001.00000002.2937979185.00007FFE11519000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                 • Associated: 00000001.00000002.2938006495.00007FFE11521000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                 • Associated: 00000001.00000002.2938023263.00007FFE11523000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_1_2_7ffe11510000_3OQL58yflv.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: Buffer_Err_Release$Arg_CheckDeadline_ParseSignalsSizeStringTuple_
                                                                                                                                • String ID: timed out$y*|i:sendall
                                                                                                                                • API String ID: 1463051379-3431350491
                                                                                                                                • Opcode ID: fc05db84d42dd3267092a6ef36f8f45a0feb8bd157ffeb6315938a2d8f874bac
                                                                                                                                • Instruction ID: 605ab90946f4a305b77ddc636a2c72abc75010891923cf708a0662d6dc42c8d8
                                                                                                                                • Opcode Fuzzy Hash: fc05db84d42dd3267092a6ef36f8f45a0feb8bd157ffeb6315938a2d8f874bac
                                                                                                                                • Instruction Fuzzy Hash: 7E413D36A08E8286E7129F17E8402AA73AAFB44BA4F544076DE4D53B74DF7CE445C711
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000001.00000002.2937962236.00007FFE11511000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFE11510000, based on PE: true
                                                                                                                                 • Associated: 00000001.00000002.2937944561.00007FFE11510000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                 • Associated: 00000001.00000002.2937979185.00007FFE11519000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                 • Associated: 00000001.00000002.2938006495.00007FFE11521000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                 • Associated: 00000001.00000002.2938023263.00007FFE11523000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_1_2_7ffe11510000_3OQL58yflv.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: Bytes_DeallocSizeStringTuple_$Arg_Err_FromPackParseResize
                                                                                                                                • String ID: negative buffersize in recvfrom$n|i:recvfrom
                                                                                                                                • API String ID: 3092067012-1867657612
                                                                                                                                • Opcode ID: cc238e99d0fac9a70905be5daf0240d15a5e1946d6d8ac169dca63a10d14bba3
                                                                                                                                • Instruction ID: 99c23d160703a2bcc956db3f7f3363bae0326be60c73783972be7d0e9ce14903
                                                                                                                                • Opcode Fuzzy Hash: cc238e99d0fac9a70905be5daf0240d15a5e1946d6d8ac169dca63a10d14bba3
                                                                                                                                • Instruction Fuzzy Hash: AC313C71A49F4281EB568F17E4842B963ABFF84BA4F045075DA4E47778DEBCE044C711
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000001.00000002.2938850050.00007FFE1A451000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE1A450000, based on PE: true
                                                                                                                                 • Associated: 00000001.00000002.2938833625.00007FFE1A450000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                 • Associated: 00000001.00000002.2938872035.00007FFE1A463000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                 • Associated: 00000001.00000002.2938888895.00007FFE1A468000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                 • Associated: 00000001.00000002.2938904937.00007FFE1A469000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_1_2_7ffe1a450000_3OQL58yflv.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: abortterminate$Is_bad_exception_allowedstd::bad_alloc::bad_alloc
                                                                                                                                • String ID: csm$csm$csm
                                                                                                                                • API String ID: 211107550-393685449
                                                                                                                                • Opcode ID: aad8d4203d0b1849c4fce47835e3c613ec0ba3b35d99662ed70f641d37e67567
                                                                                                                                • Instruction ID: 84db0f3033635d0a868e712f29b609f6a017eeff5fc66594e5dbf62a63eb592f
                                                                                                                                • Opcode Fuzzy Hash: aad8d4203d0b1849c4fce47835e3c613ec0ba3b35d99662ed70f641d37e67567
                                                                                                                                • Instruction Fuzzy Hash: 60E1D2B3B08B828AE751AF36D4903BD77A0FB45B68F1401B6DA4D57666CF38E5A1C700
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000001.00000002.2936942642.00007FFE0EA71000.00000020.00000001.01000000.00000023.sdmp, Offset: 00007FFE0EA70000, based on PE: true
                                                                                                                                 • Associated: 00000001.00000002.2936928583.00007FFE0EA70000.00000002.00000001.01000000.00000023.sdmp
                                                                                                                                 • Associated: 00000001.00000002.2936956825.00007FFE0EA73000.00000002.00000001.01000000.00000023.sdmp
                                                                                                                                 • Associated: 00000001.00000002.2936970557.00007FFE0EA74000.00000004.00000001.01000000.00000023.sdmp
                                                                                                                                 • Associated: 00000001.00000002.2936984077.00007FFE0EA75000.00000002.00000001.01000000.00000023.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_1_2_7ffe0ea70000_3OQL58yflv.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: _wassert$memcpy
                                                                                                                                • String ID: ((Nk==4) && (Nr==10)) || ((Nk==6) && (Nr==12)) || ((Nk==8) && (Nr==14))$(idx>=1) && (idx<=10)$src/AESNI.c$src/AESNI.c
                                                                                                                                • API String ID: 4292997394-722309440
                                                                                                                                • Opcode ID: d39dd8ff127fcd6812d8991013f514968d842da6ae2888197d778fac17dca971
                                                                                                                                • Instruction ID: a497e1f4b5fc4c8212b2626d4b61290202e15f57842213918d85213ffade13a1
                                                                                                                                • Opcode Fuzzy Hash: d39dd8ff127fcd6812d8991013f514968d842da6ae2888197d778fac17dca971
                                                                                                                                • Instruction Fuzzy Hash: B061CEB2E08A8681EA21CB24E8403B97371FB9C744F518235CACD63675FE3CE58AC740
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000001.00000002.2938594897.00007FFE13301000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FFE13300000, based on PE: true
                                                                                                                                 • Associated: 00000001.00000002.2938578259.00007FFE13300000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                 • Associated: 00000001.00000002.2938612939.00007FFE13303000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                 • Associated: 00000001.00000002.2938629391.00007FFE13305000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                 • Associated: 00000001.00000002.2938646123.00007FFE13306000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_1_2_7ffe13300000_3OQL58yflv.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: Dealloc$DescriptorErr_FastFileObject_Sequence_String
                                                                                                                                • String ID: arguments 1-3 must be sequences$too many file descriptors in select()
                                                                                                                                • API String ID: 3320488554-3996108163
                                                                                                                                • Opcode ID: 0a082253e6777f62276fcf38ac5eede441174e35d500b13a193befc8f2a7e340
                                                                                                                                • Instruction ID: 695c007cfa1899aea2a36834de64a658eb4880c1c5cb7dca822da5cf19cce21b
                                                                                                                                • Opcode Fuzzy Hash: 0a082253e6777f62276fcf38ac5eede441174e35d500b13a193befc8f2a7e340
                                                                                                                                • Instruction Fuzzy Hash: C2418032A08F068AEB159F16E95413D73A0FBA4BB4F154271DA6E937A4DF7CE450C708
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000001.00000002.2938850050.00007FFE1A451000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE1A450000, based on PE: true
                                                                                                                                 • Associated: 00000001.00000002.2938833625.00007FFE1A450000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                 • Associated: 00000001.00000002.2938872035.00007FFE1A463000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                 • Associated: 00000001.00000002.2938888895.00007FFE1A468000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                 • Associated: 00000001.00000002.2938904937.00007FFE1A469000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_1_2_7ffe1a450000_3OQL58yflv.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: Name::operator+
                                                                                                                                • String ID: cli::array<$cli::pin_ptr<$std::nullptr_t$std::nullptr_t $void$void
                                                                                                                                • API String ID: 2943138195-2239912363
                                                                                                                                • Opcode ID: 0e84257edd8271f32b759845b73cd3eefe07970f5e22a962a9d02e38f5861642
                                                                                                                                • Instruction ID: a50961141b2aa76dd593645c823cb9b5a686f9e17db93be2c79e1738c74976c0
                                                                                                                                • Opcode Fuzzy Hash: 0e84257edd8271f32b759845b73cd3eefe07970f5e22a962a9d02e38f5861642
                                                                                                                                • Instruction Fuzzy Hash: C2513BA2F18F5298FB519B62D8402BD37B0BB08B68F4442F7DA4D13AA5DF3C91A4C754
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000001.00000002.2937962236.00007FFE11511000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFE11510000, based on PE: true
                                                                                                                                 • Associated: 00000001.00000002.2937944561.00007FFE11510000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                 • Associated: 00000001.00000002.2937979185.00007FFE11519000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                 • Associated: 00000001.00000002.2938006495.00007FFE11521000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                 • Associated: 00000001.00000002.2938023263.00007FFE11523000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_1_2_7ffe11510000_3OQL58yflv.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: ErrorLast$Eval_Thread$CheckErr_RestoreSaveSignalsconnect
                                                                                                                                • String ID: 3'
                                                                                                                                • API String ID: 4284410693-280543908
                                                                                                                                • Opcode ID: bf1f35104443e8bdc2e2b3dc93d8a66b39ca7049add94a43049c608f9c8392d5
                                                                                                                                • Instruction ID: 8efb142e853869dcdb3ee7dabc35734c82ad8960693e155ff0209f92feb0c9b1
                                                                                                                                • Opcode Fuzzy Hash: bf1f35104443e8bdc2e2b3dc93d8a66b39ca7049add94a43049c608f9c8392d5
                                                                                                                                • Instruction Fuzzy Hash: B5317231B0CF4286EB668F23B4445796AAABF447B8F046175EE5E83BB4DF7CE4408600
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000001.00000002.2936598900.00007FFE01381000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FFE01380000, based on PE: true
                                                                                                                                • Associated: 00000001.00000002.2936583511.00007FFE01380000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                • Associated: 00000001.00000002.2936654293.00007FFE01435000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                • Associated: 00000001.00000002.2936681696.00007FFE0146F000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                • Associated: 00000001.00000002.2936696034.00007FFE01472000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_1_2_7ffe01380000_3OQL58yflv.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: NameName::Name::operator+Name::operator+=$Decorator::getDimensionName::doPcharSigned
                                                                                                                                • String ID: `template-parameter$void
                                                                                                                                • API String ID: 1951524168-4057429177
                                                                                                                                • Opcode ID: 1f3cece657a09479af9d3c9b893c1911f44fdaa9b7d97bad4018a523c838e630
                                                                                                                                • Instruction ID: 81b39274279d27492b53a5a506eaf05990c9b1ae392bf94444546f09e6a22fb5
                                                                                                                                • Opcode Fuzzy Hash: 1f3cece657a09479af9d3c9b893c1911f44fdaa9b7d97bad4018a523c838e630
                                                                                                                                • Instruction Fuzzy Hash: F6312766B09B5289FB009B65E8612F923A1BB04B88F960032DE0D5F7B5DF6CE409C740
                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000001.00000002.2937962236.00007FFE11511000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFE11510000, based on PE: true
                                                                                                                                • Associated: 00000001.00000002.2937944561.00007FFE11510000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                • Associated: 00000001.00000002.2937979185.00007FFE11519000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                • Associated: 00000001.00000002.2938006495.00007FFE11521000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                • Associated: 00000001.00000002.2938023263.00007FFE11523000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_1_2_7ffe11510000_3OQL58yflv.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: Time_$Err_FromSecondsString$MillisecondsObjectTimeval
                                                                                                                                • String ID: Timeout value out of range$timeout doesn't fit into C timeval
                                                                                                                                • API String ID: 4240314503-2798848688
                                                                                                                                • Opcode ID: effe227a6c3964277aaa9565c2b565e3918d67ffc16b5f54456a4dcbfcd0fe54
                                                                                                                                • Instruction ID: 2651931b0787d8de23aec916fcaa10107758031b98bf866cf3fe3eb7ef4fc27f
                                                                                                                                • Opcode Fuzzy Hash: effe227a6c3964277aaa9565c2b565e3918d67ffc16b5f54456a4dcbfcd0fe54
                                                                                                                                • Instruction Fuzzy Hash: 4D115135B48E0281FB229B27E490278236ABF44BB4F004279D92E877F0EFACE1448300
                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000001.00000002.2938193676.00007FFE11EA1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFE11EA0000, based on PE: true
                                                                                                                                • Associated: 00000001.00000002.2938178726.00007FFE11EA0000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                • Associated: 00000001.00000002.2938214377.00007FFE11EB8000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                • Associated: 00000001.00000002.2938214377.00007FFE11EBC000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                • Associated: 00000001.00000002.2938247018.00007FFE11EC4000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                • Associated: 00000001.00000002.2938262044.00007FFE11EC5000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_1_2_7ffe11ea0000_3OQL58yflv.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: Buffer_$Arg_ArgumentBufferContiguousObject_ReleaseThread_acquire_lockThread_release_lockmemset
                                                                                                                                • String ID: argument$compress$contiguous buffer
                                                                                                                                • API String ID: 1731275941-2310704374
                                                                                                                                • Opcode ID: 33f056bf197bdecfa257246466ee53bf61bb272af1da0f4c28df399c879e47b5
                                                                                                                                • Instruction ID: c0723041d6ea2655c693c64093c8059b9cf65900ef9a88839962ea8c7b967c35
                                                                                                                                • Opcode Fuzzy Hash: 33f056bf197bdecfa257246466ee53bf61bb272af1da0f4c28df399c879e47b5
                                                                                                                                • Instruction Fuzzy Hash: 9811B622B08E4281EB10CBA3EC406BA6368FB88F90F948172DA4D43774EF3CD545C700
                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000001.00000002.2937962236.00007FFE11511000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFE11510000, based on PE: true
                                                                                                                                • Associated: 00000001.00000002.2937944561.00007FFE11510000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                • Associated: 00000001.00000002.2937979185.00007FFE11519000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                • Associated: 00000001.00000002.2938006495.00007FFE11521000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                • Associated: 00000001.00000002.2938023263.00007FFE11523000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_1_2_7ffe11510000_3OQL58yflv.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: Err_$Eval_ExceptionThread$MatchesRaisedResourceRestoreSaveUnraisableWarningWriteclosesocket
                                                                                                                                • String ID: unclosed %R
                                                                                                                                • API String ID: 1660182617-2306019038
                                                                                                                                • Opcode ID: 22af9ee66539c4f4bd6f295781fecbb485c16e4539d69cf45f6a771bb75a1004
                                                                                                                                • Instruction ID: 961eeae9d74469aac412c4e556a4fa24c9e1a2e40413b4fda38caaf2801c604a
                                                                                                                                • Opcode Fuzzy Hash: 22af9ee66539c4f4bd6f295781fecbb485c16e4539d69cf45f6a771bb75a1004
                                                                                                                                • Instruction Fuzzy Hash: E501F325A18F4282EB159F23A8040A9636AFF49BB4B081371DD7A437F4DF7CE445C300
                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000001.00000002.2937962236.00007FFE11511000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFE11510000, based on PE: true
                                                                                                                                • Associated: 00000001.00000002.2937944561.00007FFE11510000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                • Associated: 00000001.00000002.2937979185.00007FFE11519000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                • Associated: 00000001.00000002.2938006495.00007FFE11521000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                • Associated: 00000001.00000002.2938023263.00007FFE11523000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_1_2_7ffe11510000_3OQL58yflv.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: SizeString$Arg_Bytes_Err_FromParseTuple_inet_addrstrcmp
                                                                                                                                • String ID: 255.255.255.255$illegal IP address string passed to inet_aton$s:inet_aton
                                                                                                                                • API String ID: 717551241-4110412280
                                                                                                                                • Opcode ID: 355c58994951efd5dcf1208cbc122bb6b69380121fe20eeb555166ca54720079
                                                                                                                                • Instruction ID: cc896df0e9a890e9d517305ec931da079f3e9a169ff7147f26716df528d8629b
                                                                                                                                • Opcode Fuzzy Hash: 355c58994951efd5dcf1208cbc122bb6b69380121fe20eeb555166ca54720079
                                                                                                                                • Instruction Fuzzy Hash: BB011261A0CD0382EB129B27E8441B9637BFF857B4F5055B1D61E875B4EF2DD589C700
                                                                                                                                APIs
                                                                                                                                  • Part of subcall function 00007FFE0139EC70: EnterCriticalSection.API-MS-WIN-CORE-SYNCH-L1-1-0(?,?,?,?,?,00007FFE0139EA46), ref: 00007FFE0139EC90
                                                                                                                                  • Part of subcall function 00007FFE0139EC70: EnterCriticalSection.API-MS-WIN-CORE-SYNCH-L1-1-0(?,?,?,?,?,00007FFE0139EA46), ref: 00007FFE0139ECE6
                                                                                                                                  • Part of subcall function 00007FFE0139EC70: LeaveCriticalSection.API-MS-WIN-CORE-SYNCH-L1-1-0(?,?,?,?,?,00007FFE0139EA46), ref: 00007FFE0139ED8B
                                                                                                                                • CreateFileW.API-MS-WIN-CORE-FILE-L1-1-0 ref: 00007FFE0139EAA5
                                                                                                                                • GetFileType.API-MS-WIN-CORE-FILE-L1-1-0 ref: 00007FFE0139EAC3
                                                                                                                                • GetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0 ref: 00007FFE0139EC54
                                                                                                                                • GetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0 ref: 00007FFE013D64BE
                                                                                                                                • CloseHandle.API-MS-WIN-CORE-HANDLE-L1-1-0 ref: 00007FFE013D64F1
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000001.00000002.2936598900.00007FFE01381000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FFE01380000, based on PE: true
                                                                                                                                • Associated: 00000001.00000002.2936583511.00007FFE01380000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                • Associated: 00000001.00000002.2936654293.00007FFE01435000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                • Associated: 00000001.00000002.2936681696.00007FFE0146F000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                • Associated: 00000001.00000002.2936696034.00007FFE01472000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_1_2_7ffe01380000_3OQL58yflv.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: CriticalSection$EnterErrorFileLast$CloseCreateHandleLeaveType
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 3788438030-0
                                                                                                                                • Opcode ID: 1d4586efc608d868f09762b6077f8cee1f43e595acc033dc8482e9515f2cff91
                                                                                                                                • Instruction ID: 080f2470b12570cea0332e8aa0cf1f9d936b837dde4ba5eafa7a44400f89a107
                                                                                                                                • Opcode Fuzzy Hash: 1d4586efc608d868f09762b6077f8cee1f43e595acc033dc8482e9515f2cff91
                                                                                                                                • Instruction Fuzzy Hash: 95C1CF76B28A4285EB10DF68D4801AD3761FB89B98B121235EA6E9B7F5CF3CD456C700
                                                                                                                                APIs
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000001.00000002.2938510031.00007FFE130C1000.00000020.00000001.01000000.00000012.sdmp, Offset: 00007FFE130C0000, based on PE: true
                                                                                                                                • Associated: 00000001.00000002.2938494029.00007FFE130C0000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                • Associated: 00000001.00000002.2938526688.00007FFE130C4000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                • Associated: 00000001.00000002.2938542624.00007FFE130C6000.00000004.00000001.01000000.00000012.sdmp
                                                                                                                                • Associated: 00000001.00000002.2938561193.00007FFE130C7000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_1_2_7ffe130c0000_3OQL58yflv.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: Initialize__scrt_dllmain_after_initialize_c__scrt_dllmain_crt_thread_attach__scrt_initialize_crt__scrt_release_startup_lock
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 2049316269-0
                                                                                                                                • Opcode ID: 3b77cff2cffa30a2d72c19b05c0e679f5008bcc017be56a32988e55e20aec773
                                                                                                                                • Instruction ID: 3dc58cef5b1823b9137158e032c1f8698d0bb5741a3cf491d0870a7ef861eb87
                                                                                                                                • Opcode Fuzzy Hash: 3b77cff2cffa30a2d72c19b05c0e679f5008bcc017be56a32988e55e20aec773
                                                                                                                                • Instruction Fuzzy Hash: 3B81BF21E18E478EFE50AB2798412B922DBAFA07A0FD441F5D90D77BB6DE3CE4418700
                                                                                                                                APIs
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000001.00000002.2937962236.00007FFE11511000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFE11510000, based on PE: true
                                                                                                                                • Associated: 00000001.00000002.2937944561.00007FFE11510000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                • Associated: 00000001.00000002.2937979185.00007FFE11519000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                • Associated: 00000001.00000002.2938006495.00007FFE11521000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                • Associated: 00000001.00000002.2938023263.00007FFE11523000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_1_2_7ffe11510000_3OQL58yflv.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: ConditionMask$Dealloc$DictDict_FromInfoModule_StringUnicode_VerifyVersion
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 1463663611-0
                                                                                                                                • Opcode ID: 52014d617bdbf1a23e849bdeaec756294a92b9dcc7fe6566fb8264fe441ab811
                                                                                                                                • Instruction ID: 4ce1af4efa544f67ce90849f02832377b6cc285df229734dbebf5ecb372b0380
                                                                                                                                • Opcode Fuzzy Hash: 52014d617bdbf1a23e849bdeaec756294a92b9dcc7fe6566fb8264fe441ab811
                                                                                                                                • Instruction Fuzzy Hash: C5318B36A09F4285EB62CF23A8587A973AABB44BA0F444175CD5E427B4EF3CE645C700
                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000001.00000002.2938850050.00007FFE1A451000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE1A450000, based on PE: true
                                                                                                                                • Associated: 00000001.00000002.2938833625.00007FFE1A450000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                • Associated: 00000001.00000002.2938872035.00007FFE1A463000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                • Associated: 00000001.00000002.2938888895.00007FFE1A468000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                • Associated: 00000001.00000002.2938904937.00007FFE1A469000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_1_2_7ffe1a450000_3OQL58yflv.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: FileHeader$ExceptionFindInstanceRaiseTargetType
                                                                                                                                • String ID: Access violation - no RTTI data!$Attempted a typeid of nullptr pointer!$Bad dynamic_cast!$Bad read pointer - no RTTI data!
                                                                                                                                • API String ID: 1852475696-928371585
                                                                                                                                • Opcode ID: 4ef8ad2c729168d00ef0645f383a1968f42c4eb1f6a8b3717fe5ffb80b324514
                                                                                                                                • Instruction ID: 94ed81efe7f57d1ae8c2a69ed7d50f2aa5380855d6dfe5f07c6e85ae284c8123
                                                                                                                                • Opcode Fuzzy Hash: 4ef8ad2c729168d00ef0645f383a1968f42c4eb1f6a8b3717fe5ffb80b324514
                                                                                                                                • Instruction Fuzzy Hash: 7B5190A2B19E8692DA20EB12F8502B9A360FF44FA4F0445B3DA5D43778DF3CE525C700
                                                                                                                                APIs
                                                                                                                                  • Part of subcall function 00007FFE01392D60: GetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0(?,?,?,00007FFE013D3A07,?,?,?,?,00007FFE0139720A,?,?,?,00007FFE0139A5D3,?,?,?), ref: 00007FFE01392D6A
                                                                                                                                  • Part of subcall function 00007FFE01392D60: SetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0(?,?,?,00007FFE013D3A07,?,?,?,?,00007FFE0139720A,?,?,?,00007FFE0139A5D3,?,?,?), ref: 00007FFE01392DB0
                                                                                                                                  • Part of subcall function 00007FFE01434000: GetCurrentDirectoryW.API-MS-WIN-CORE-PROCESSENVIRONMENT-L1-1-0 ref: 00007FFE01434040
                                                                                                                                • GetFullPathNameW.API-MS-WIN-CORE-FILE-L1-1-0(?,?,?,?,?,?,00000000), ref: 00007FFE014343A7
                                                                                                                                • GetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0(?,?,?,?,?,?,00000000), ref: 00007FFE014343B3
                                                                                                                                • GetFullPathNameW.API-MS-WIN-CORE-FILE-L1-1-0(?,?,?,?,?,?,00000000), ref: 00007FFE014343F3
                                                                                                                                • GetFullPathNameW.API-MS-WIN-CORE-FILE-L1-1-0(?,?,?,?,?,?,00000000), ref: 00007FFE01434442
                                                                                                                                • GetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0(?,?,?,?,?,?,00000000), ref: 00007FFE0143444F
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000001.00000002.2936598900.00007FFE01381000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FFE01380000, based on PE: true
                                                                                                                                • Associated: 00000001.00000002.2936583511.00007FFE01380000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                • Associated: 00000001.00000002.2936654293.00007FFE01435000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                • Associated: 00000001.00000002.2936681696.00007FFE0146F000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                • Associated: 00000001.00000002.2936696034.00007FFE01472000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_1_2_7ffe01380000_3OQL58yflv.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: ErrorLast$FullNamePath$CurrentDirectory
                                                                                                                                • String ID: .$:
                                                                                                                                • API String ID: 3092725408-4202072812
                                                                                                                                • Opcode ID: c77f8f494e53075103f17f0137dc06d52f872a3f8c92b5311fda1d3e3cde12f6
                                                                                                                                • Instruction ID: 5e1c34baafd811c5fa6993f9c760edf664c8d92198ca0efb44c2c0cce29b285b
                                                                                                                                • Opcode Fuzzy Hash: c77f8f494e53075103f17f0137dc06d52f872a3f8c92b5311fda1d3e3cde12f6
                                                                                                                                • Instruction Fuzzy Hash: FA518F62F08A1389FB10ABB0E8501FD26A4BF64758F594435DE1D6FBB6EF3CA8418350
                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000001.00000002.2936598900.00007FFE01381000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FFE01380000, based on PE: true
                                                                                                                                • Associated: 00000001.00000002.2936583511.00007FFE01380000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                • Associated: 00000001.00000002.2936654293.00007FFE01435000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                • Associated: 00000001.00000002.2936681696.00007FFE0146F000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                • Associated: 00000001.00000002.2936696034.00007FFE01472000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_1_2_7ffe01380000_3OQL58yflv.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: NameName::$Name::doName::operator+Pchar
                                                                                                                                • String ID: `non-type-template-parameter
                                                                                                                                • API String ID: 3026640183-4247534891
                                                                                                                                • Opcode ID: 7324edd943b72a8c1819aec07d8f5cf618c6165273857df94478cefcc2cd1b86
                                                                                                                                • Instruction ID: 8769cb5569313c644fb4ce9721834bdba53bca1feeff6befc4b6536c9a938ab1
                                                                                                                                • Opcode Fuzzy Hash: 7324edd943b72a8c1819aec07d8f5cf618c6165273857df94478cefcc2cd1b86
                                                                                                                                • Instruction Fuzzy Hash: 89416B72A0D792D5EB10CB11E8A01BC77A5BB51B84FA64035DA4D6BBA5DF3CE826C340
                                                                                                                                APIs
                                                                                                                                • PyBytes_FromStringAndSize.PYTHON312(?,?,?,?,?,?,?,00000000,?,?,?,00007FFE11EA7DD1), ref: 00007FFE11EB2304
                                                                                                                                • memcpy.VCRUNTIME140(?,?,?,?,?,?,?,00000000,?,?,?,00007FFE11EA7DD1), ref: 00007FFE11EB2348
                                                                                                                                • _Py_Dealloc.PYTHON312(?,?,?,?,?,?,?,00000000,?,?,?,00007FFE11EA7DD1), ref: 00007FFE11EB2364
                                                                                                                                • _Py_Dealloc.PYTHON312(?,?,?,?,?,?,?,00000000,?,?,?,00007FFE11EA7DD1), ref: 00007FFE11EB23B3
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000001.00000002.2938193676.00007FFE11EA1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFE11EA0000, based on PE: true
                                                                                                                                • Associated: 00000001.00000002.2938178726.00007FFE11EA0000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                • Associated: 00000001.00000002.2938214377.00007FFE11EB8000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                • Associated: 00000001.00000002.2938214377.00007FFE11EBC000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                • Associated: 00000001.00000002.2938247018.00007FFE11EC4000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                • Associated: 00000001.00000002.2938262044.00007FFE11EC5000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_1_2_7ffe11ea0000_3OQL58yflv.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: Dealloc$Bytes_FromSizeStringmemcpy
                                                                                                                                • String ID: Unable to allocate output buffer.
                                                                                                                                • API String ID: 76732796-2565006440
                                                                                                                                • Opcode ID: 862a72045ce60d21db495ca697c2b4e567bdc8ae85e2f6742c42c45822477898
                                                                                                                                • Instruction ID: 3fb5858214e9ad179f282a2c13aaa8252f36853fe383d174a46846401edde655
                                                                                                                                • Opcode Fuzzy Hash: 862a72045ce60d21db495ca697c2b4e567bdc8ae85e2f6742c42c45822477898
                                                                                                                                • Instruction Fuzzy Hash: E741F876A0AE0385EB198F96C85426A33A8FF48FA4F188472DE1D47765CF3CE491C308
                                                                                                                                APIs
                                                                                                                                • PyDict_New.PYTHON312(?,?,?,00007FFE11EAFBA6,?,?,?,?,?,00007FFE11EAFB31), ref: 00007FFE11EAFBD5
                                                                                                                                  • Part of subcall function 00007FFE11EAFCEC: PyLong_FromUnsignedLongLong.PYTHON312(?,?,?,00007FFE11EAFBF9,?,?,?,00007FFE11EAFBA6,?,?,?,?,?,00007FFE11EAFB31), ref: 00007FFE11EAFD04
                                                                                                                                  • Part of subcall function 00007FFE11EAFCEC: PyUnicode_InternFromString.PYTHON312(?,?,?,00007FFE11EAFBF9,?,?,?,00007FFE11EAFBA6,?,?,?,?,?,00007FFE11EAFB31), ref: 00007FFE11EAFD15
                                                                                                                                  • Part of subcall function 00007FFE11EAFCEC: PyDict_SetItem.PYTHON312(?,?,?,00007FFE11EAFBF9,?,?,?,00007FFE11EAFBA6,?,?,?,?,?,00007FFE11EAFB31), ref: 00007FFE11EAFD30
                                                                                                                                • PyErr_Format.PYTHON312(?,?,?,00007FFE11EAFBA6,?,?,?,?,?,00007FFE11EAFB31), ref: 00007FFE11EB57C0
                                                                                                                                • _Py_Dealloc.PYTHON312(?,?,?,00007FFE11EAFBA6,?,?,?,?,?,00007FFE11EAFB31), ref: 00007FFE11EB57DC
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000001.00000002.2938193676.00007FFE11EA1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFE11EA0000, based on PE: true
                                                                                                                                • Associated: 00000001.00000002.2938178726.00007FFE11EA0000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                • Associated: 00000001.00000002.2938214377.00007FFE11EB8000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                • Associated: 00000001.00000002.2938214377.00007FFE11EBC000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                • Associated: 00000001.00000002.2938247018.00007FFE11EC4000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                • Associated: 00000001.00000002.2938262044.00007FFE11EC5000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_1_2_7ffe11ea0000_3OQL58yflv.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: Dict_FromLong$DeallocErr_FormatInternItemLong_StringUnicode_Unsigned
                                                                                                                                • String ID: Invalid filter ID: %llu$dict_size$dist$start_offset
                                                                                                                                • API String ID: 1484310907-3368833446
                                                                                                                                • Opcode ID: e83a07305317a98ea39a1dffc3ab200cc08430bf9a336bacd10d1445eee80fbe
                                                                                                                                • Instruction ID: f9ec34e63afe53c0ff24b5e459ada600b270620f8234a3eae4789230d6cfd2cc
                                                                                                                                • Opcode Fuzzy Hash: e83a07305317a98ea39a1dffc3ab200cc08430bf9a336bacd10d1445eee80fbe
                                                                                                                                • Instruction Fuzzy Hash: D3410A31B08E5385EB688B9BED8447A27A8BF05BA4B1451B3CA1D477F0DF3CA465C709
                                                                                                                                APIs
                                                                                                                                • LoadLibraryExW.KERNEL32(?,?,?,00007FFE1A4571A3,?,?,00000000,00007FFE1A456FD4,?,?,?,?,00007FFE1A456D11), ref: 00007FFE1A457069
                                                                                                                                • GetLastError.KERNEL32(?,?,?,00007FFE1A4571A3,?,?,00000000,00007FFE1A456FD4,?,?,?,?,00007FFE1A456D11), ref: 00007FFE1A457077
                                                                                                                                • wcsncmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,00007FFE1A4571A3,?,?,00000000,00007FFE1A456FD4,?,?,?,?,00007FFE1A456D11), ref: 00007FFE1A457090
                                                                                                                                • LoadLibraryExW.KERNEL32(?,?,?,00007FFE1A4571A3,?,?,00000000,00007FFE1A456FD4,?,?,?,?,00007FFE1A456D11), ref: 00007FFE1A4570A2
                                                                                                                                • FreeLibrary.KERNEL32(?,?,?,00007FFE1A4571A3,?,?,00000000,00007FFE1A456FD4,?,?,?,?,00007FFE1A456D11), ref: 00007FFE1A457110
                                                                                                                                • GetProcAddress.KERNEL32(?,?,?,00007FFE1A4571A3,?,?,00000000,00007FFE1A456FD4,?,?,?,?,00007FFE1A456D11), ref: 00007FFE1A45711C
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000001.00000002.2938850050.00007FFE1A451000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE1A450000, based on PE: true
                                                                                                                                • Associated: 00000001.00000002.2938833625.00007FFE1A450000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                • Associated: 00000001.00000002.2938872035.00007FFE1A463000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                • Associated: 00000001.00000002.2938888895.00007FFE1A468000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                • Associated: 00000001.00000002.2938904937.00007FFE1A469000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_1_2_7ffe1a450000_3OQL58yflv.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: Library$Load$AddressErrorFreeLastProcwcsncmp
                                                                                                                                • String ID: api-ms-
                                                                                                                                • API String ID: 916704608-2084034818
                                                                                                                                • Opcode ID: 76e9ed00015fa7378e2762435fe1c6674923b12dca3248f544122840abba5d3b
                                                                                                                                • Instruction ID: 6664a0b00e140a49ea41bd201f55bccb93ae670519e61bde195a6ec51cb72521
                                                                                                                                • Opcode Fuzzy Hash: 76e9ed00015fa7378e2762435fe1c6674923b12dca3248f544122840abba5d3b
                                                                                                                                • Instruction Fuzzy Hash: D4316F61B1AF8295EE11EB03A8005B563E4BF44FB4F5949B6DD2E4B3A4EF3CE5648300
                                                                                                                                APIs
                                                                                                                                • PyErr_SetString.PYTHON312(?,?,?,00007FFE11EB4A8B,?,?,?,00000000,?,?,?,00007FFE11EA7DD1), ref: 00007FFE11EB6098
                                                                                                                                • PyBytes_FromStringAndSize.PYTHON312(?,?,?,00007FFE11EB4A8B,?,?,?,00000000,?,?,?,00007FFE11EA7DD1), ref: 00007FFE11EB60FB
                                                                                                                                • PyList_Append.PYTHON312(?,?,?,00007FFE11EB4A8B,?,?,?,00000000,?,?,?,00007FFE11EA7DD1), ref: 00007FFE11EB610F
                                                                                                                                • _Py_Dealloc.PYTHON312(?,?,?,00007FFE11EB4A8B,?,?,?,00000000,?,?,?,00007FFE11EA7DD1), ref: 00007FFE11EB612B
                                                                                                                                • _Py_Dealloc.PYTHON312(?,?,?,00007FFE11EB4A8B,?,?,?,00000000,?,?,?,00007FFE11EA7DD1), ref: 00007FFE11EB6144
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000001.00000002.2938193676.00007FFE11EA1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFE11EA0000, based on PE: true
                                                                                                                                • Associated: 00000001.00000002.2938178726.00007FFE11EA0000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                • Associated: 00000001.00000002.2938214377.00007FFE11EB8000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                • Associated: 00000001.00000002.2938214377.00007FFE11EBC000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                • Associated: 00000001.00000002.2938247018.00007FFE11EC4000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                • Associated: 00000001.00000002.2938262044.00007FFE11EC5000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_1_2_7ffe11ea0000_3OQL58yflv.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: DeallocString$AppendBytes_Err_FromList_Size
                                                                                                                                • String ID: Unable to allocate output buffer.$avail_out is non-zero in _BlocksOutputBuffer_Grow().
                                                                                                                                • API String ID: 1563898963-3455802345
                                                                                                                                • Opcode ID: 6fbf18b8591416a9140e35495b6e81dd91272e89744f2ab46cafb3dfa0ec3d47
                                                                                                                                • Instruction ID: 9299123a967e9b82b3ccdbefb1f35b20ab820e46308503f620f01c402de29259
                                                                                                                                • Opcode Fuzzy Hash: 6fbf18b8591416a9140e35495b6e81dd91272e89744f2ab46cafb3dfa0ec3d47
                                                                                                                                • Instruction Fuzzy Hash: BD313A31A19F4281EB248BABED4412A63A9FB48BF4F1442B2D96D477F5DF3DE4418704
                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000001.00000002.2936598900.00007FFE01381000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FFE01380000, based on PE: true
                                                                                                                                • Associated: 00000001.00000002.2936583511.00007FFE01380000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                • Associated: 00000001.00000002.2936654293.00007FFE01435000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                • Associated: 00000001.00000002.2936681696.00007FFE0146F000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                • Associated: 00000001.00000002.2936696034.00007FFE01472000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_1_2_7ffe01380000_3OQL58yflv.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: Name::operator+=$Decorator::getNameName::operator+$Name::Name::operator=ScopeScoped
                                                                                                                                • String ID: void
                                                                                                                                • API String ID: 3176039966-3531332078
                                                                                                                                • Opcode ID: 720f34a673e5e0285af4e5d5fa9c7a92715189caa0cb8476876aa2ef7ccb2b61
                                                                                                                                • Instruction ID: f569a13019ed7939d8ed9b5adf3d98e9122efd81e7e91d90645b61a21be588af
                                                                                                                                • Opcode Fuzzy Hash: 720f34a673e5e0285af4e5d5fa9c7a92715189caa0cb8476876aa2ef7ccb2b61
                                                                                                                                • Instruction Fuzzy Hash: A111D372E1D68685EF20EB15E8513BA2371FF94748F418031E98D8F2BADE2CE545C700
                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000001.00000002.2937962236.00007FFE11511000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFE11510000, based on PE: true
                                                                                                                                • Associated: 00000001.00000002.2937944561.00007FFE11510000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                • Associated: 00000001.00000002.2937979185.00007FFE11519000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                • Associated: 00000001.00000002.2938006495.00007FFE11521000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                • Associated: 00000001.00000002.2938023263.00007FFE11523000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_1_2_7ffe11510000_3OQL58yflv.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: Bytes_SizeString$Arg_DeallocErr_FromParseResizeTuple_
                                                                                                                                • String ID: negative buffersize in recv$n|i:recv
                                                                                                                                • API String ID: 1342606314-3647384195
                                                                                                                                • Opcode ID: 305ed9ba5d92207555bc009bd3fb456f9aa8074bc0363cc4f8e3912babf7d0a1
                                                                                                                                • Instruction ID: 5348c3717574df03efcd7e18cb855869c18023bcb773c7d9581e068fe7636fc6
                                                                                                                                • Opcode Fuzzy Hash: 305ed9ba5d92207555bc009bd3fb456f9aa8074bc0363cc4f8e3912babf7d0a1
                                                                                                                                • Instruction Fuzzy Hash: E7118175A48E4281EF168B53E8441B9A77AFF84BA4F0404B6D94E477B4EFBCE048C710
                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000001.00000002.2938193676.00007FFE11EA1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFE11EA0000, based on PE: true
                                                                                                                                • Associated: 00000001.00000002.2938178726.00007FFE11EA0000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                • Associated: 00000001.00000002.2938214377.00007FFE11EB8000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                • Associated: 00000001.00000002.2938214377.00007FFE11EBC000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                • Associated: 00000001.00000002.2938247018.00007FFE11EC4000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                • Associated: 00000001.00000002.2938262044.00007FFE11EC5000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_1_2_7ffe11ea0000_3OQL58yflv.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: Eval_ThreadThread_acquire_lock$Err_RestoreSaveStringThread_release_lock
                                                                                                                                • String ID: Already at end of stream
                                                                                                                                • API String ID: 2195683152-1334556646
                                                                                                                                • Opcode ID: 9e63216e7170e21cd5fe165ef3298d122a1dd742ff82655237ff20200b8b85b3
                                                                                                                                • Instruction ID: 80ea9e077d3efe46f941c5e602b75818763a352265d1c8545e5e9a90d5cf5ccd
                                                                                                                                • Opcode Fuzzy Hash: 9e63216e7170e21cd5fe165ef3298d122a1dd742ff82655237ff20200b8b85b3
                                                                                                                                • Instruction Fuzzy Hash: 79112B26A08E4189EB04DB93EC4456A67A8FB88FE4F0840B2DE1E43764CF3CE455C344
                                                                                                                                APIs
                                                                                                                                • PyThread_acquire_lock.PYTHON312(?,?,?,00007FFE11EA82CA), ref: 00007FFE11EA8DC6
                                                                                                                                • PyThread_release_lock.PYTHON312(?,?,?,00007FFE11EA82CA), ref: 00007FFE11EA8DF8
                                                                                                                                • PyErr_SetString.PYTHON312(?,?,?,00007FFE11EA82CA), ref: 00007FFE11EA8E28
                                                                                                                                  • Part of subcall function 00007FFE11EA82F8: PyType_GetModuleState.PYTHON312 ref: 00007FFE11EA8331
                                                                                                                                  • Part of subcall function 00007FFE11EA82F8: PyBytes_FromStringAndSize.PYTHON312 ref: 00007FFE11EA8345
                                                                                                                                  • Part of subcall function 00007FFE11EA82F8: PyList_New.PYTHON312 ref: 00007FFE11EA835C
                                                                                                                                  • Part of subcall function 00007FFE11EA82F8: PyEval_SaveThread.PYTHON312 ref: 00007FFE11EA83AD
                                                                                                                                  • Part of subcall function 00007FFE11EA82F8: PyEval_RestoreThread.PYTHON312 ref: 00007FFE11EA83C7
                                                                                                                                • PyEval_SaveThread.PYTHON312(?,?,?,00007FFE11EA82CA), ref: 00007FFE11EB4C64
                                                                                                                                • PyThread_acquire_lock.PYTHON312(?,?,?,00007FFE11EA82CA), ref: 00007FFE11EB4C79
                                                                                                                                • PyEval_RestoreThread.PYTHON312(?,?,?,00007FFE11EA82CA), ref: 00007FFE11EB4C82
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000001.00000002.2938193676.00007FFE11EA1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFE11EA0000, based on PE: true
                                                                                                                                • Associated: 00000001.00000002.2938178726.00007FFE11EA0000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                • Associated: 00000001.00000002.2938214377.00007FFE11EB8000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                • Associated: 00000001.00000002.2938214377.00007FFE11EBC000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                • Associated: 00000001.00000002.2938247018.00007FFE11EC4000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                • Associated: 00000001.00000002.2938262044.00007FFE11EC5000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_1_2_7ffe11ea0000_3OQL58yflv.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: Eval_Thread$RestoreSaveStringThread_acquire_lock$Bytes_Err_FromList_ModuleSizeStateThread_release_lockType_
                                                                                                                                • String ID: Compressor has been flushed
                                                                                                                                • API String ID: 3871537485-3904734015
                                                                                                                                • Opcode ID: d86aa80a21a4b2d71b416a1f9dd74983a5d05c692f482363478d6afc86bb99e5
                                                                                                                                • Instruction ID: 67cca7bbaf83cb614ee16bb5a37bbe83eddf94990d59e4fb335752f700beb395
                                                                                                                                • Opcode Fuzzy Hash: d86aa80a21a4b2d71b416a1f9dd74983a5d05c692f482363478d6afc86bb99e5
                                                                                                                                • Instruction Fuzzy Hash: BE113D21A08E8286EB54CB93FC44A6A63A9FB88FE1F044072DE5E43B24CF3CE455C345
                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000001.00000002.2938193676.00007FFE11EA1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFE11EA0000, based on PE: true
                                                                                                                                • Associated: 00000001.00000002.2938178726.00007FFE11EA0000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                • Associated: 00000001.00000002.2938214377.00007FFE11EB8000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                • Associated: 00000001.00000002.2938214377.00007FFE11EBC000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                • Associated: 00000001.00000002.2938247018.00007FFE11EC4000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                • Associated: 00000001.00000002.2938262044.00007FFE11EC5000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_1_2_7ffe11ea0000_3OQL58yflv.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: Eval_Thread$RestoreSaveStringThread_acquire_lock$Bytes_Err_FromList_ModuleSizeStateThread_release_lockType_
                                                                                                                                • String ID: Repeated call to flush()
                                                                                                                                • API String ID: 3871537485-194442007
                                                                                                                                • Opcode ID: ede9bd1f1ae7f9418d51a289d6428b65908c59f9a38676633a3e566431571365
                                                                                                                                • Instruction ID: 5a8962f7a0d0d01a9d971633440ece34b4fbefc2563e17041b0858a0ef40ba4f
                                                                                                                                • Opcode Fuzzy Hash: ede9bd1f1ae7f9418d51a289d6428b65908c59f9a38676633a3e566431571365
                                                                                                                                • Instruction Fuzzy Hash: E9111C21A08E8286EB589BA7EC4467A63A9FF88FE0F044072DA1E47774CF3CE455C705
                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000001.00000002.2937962236.00007FFE11511000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFE11510000, based on PE: true
                                                                                                                                • Associated: 00000001.00000002.2937944561.00007FFE11510000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                • Associated: 00000001.00000002.2937979185.00007FFE11519000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                • Associated: 00000001.00000002.2938006495.00007FFE11521000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                • Associated: 00000001.00000002.2938023263.00007FFE11523000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_1_2_7ffe11510000_3OQL58yflv.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: Arg_Err_FromLongLong_ParseSizeStringTuple_Unsignedhtons
                                                                                                                                • String ID: htons: Python int too large to convert to C 16-bit unsigned integer$htons: can't convert negative Python int to C 16-bit unsigned integer$i:htons
                                                                                                                                • API String ID: 1102113319-997571130
                                                                                                                                • Opcode ID: 36cb6b36a595338fecde009dda6759bcf69e474850c10647500bdb103871726e
                                                                                                                                • Instruction ID: cd6499b376dc70504f00052fe5424fb047938126118c23a2ae7a8185685d7703
                                                                                                                                • Opcode Fuzzy Hash: 36cb6b36a595338fecde009dda6759bcf69e474850c10647500bdb103871726e
                                                                                                                                • Instruction Fuzzy Hash: 62F01765A48E0791EB0B8B1BE8901B8237BBF85B61FD014B6C90E871B0EE2CE548D310
                                                                                                                                APIs
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000001.00000002.2938850050.00007FFE1A451000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE1A450000, based on PE: true
                                                                                                                                • Associated: 00000001.00000002.2938833625.00007FFE1A450000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                • Associated: 00000001.00000002.2938872035.00007FFE1A463000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                • Associated: 00000001.00000002.2938888895.00007FFE1A468000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                • Associated: 00000001.00000002.2938904937.00007FFE1A469000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_1_2_7ffe1a450000_3OQL58yflv.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: abort$AdjustPointer
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 1501936508-0
                                                                                                                                • Opcode ID: 65b26e5f074ca0aafdff43cbb52cf6556557cf4e92b090b05be647d0b4ff5bec
                                                                                                                                • Instruction ID: a4978e7ee7698631ff501eb76c3296e22e32bc2b5e6074913a1a1f1cd7a594c8
                                                                                                                                • Opcode Fuzzy Hash: 65b26e5f074ca0aafdff43cbb52cf6556557cf4e92b090b05be647d0b4ff5bec
                                                                                                                                • Instruction Fuzzy Hash: 6B51B4A1B09F4281FAA6AB13944467863A4AF44FB4B0944F7EE5D077B5DF3CE466C700
                                                                                                                                APIs
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000001.00000002.2938850050.00007FFE1A451000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE1A450000, based on PE: true
                                                                                                                                • Associated: 00000001.00000002.2938833625.00007FFE1A450000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                • Associated: 00000001.00000002.2938872035.00007FFE1A463000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                • Associated: 00000001.00000002.2938888895.00007FFE1A468000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                • Associated: 00000001.00000002.2938904937.00007FFE1A469000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_1_2_7ffe1a450000_3OQL58yflv.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: abort$AdjustPointer
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 1501936508-0
                                                                                                                                • Opcode ID: d568fcbafcd5d9e8e83e95e63f5b62363508f79f2b2b670005157146ca98b55e
                                                                                                                                • Instruction ID: e40670b8eb57816f2c1d056eca00c665782a1e9bb4590be741aafe81845a1856
                                                                                                                                • Opcode Fuzzy Hash: d568fcbafcd5d9e8e83e95e63f5b62363508f79f2b2b670005157146ca98b55e
                                                                                                                                • Instruction Fuzzy Hash: E451D8A2B09E4281EEA5EB53A44463C63A4AF54FB4F0584F7EA5D077B4DF3CE4619700
                                                                                                                                APIs
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000001.00000002.2938510031.00007FFE130C1000.00000020.00000001.01000000.00000012.sdmp, Offset: 00007FFE130C0000, based on PE: true
                                                                                                                                • Associated: 00000001.00000002.2938494029.00007FFE130C0000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                • Associated: 00000001.00000002.2938526688.00007FFE130C4000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                • Associated: 00000001.00000002.2938542624.00007FFE130C6000.00000004.00000001.01000000.00000012.sdmp
                                                                                                                                • Associated: 00000001.00000002.2938561193.00007FFE130C7000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_1_2_7ffe130c0000_3OQL58yflv.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: ByteCharMultiWide$AllocStringfree
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 3313731-0
                                                                                                                                • Opcode ID: 2df663b260b445d3b0f36d6db8be2b229ae73d703f067d4ca2bcd95855dfc4c3
                                                                                                                                • Instruction ID: 630d923f243be12c4166bd32283717649e854be8015addfb11ae000d44db0c2f
                                                                                                                                • Opcode Fuzzy Hash: 2df663b260b445d3b0f36d6db8be2b229ae73d703f067d4ca2bcd95855dfc4c3
                                                                                                                                • Instruction Fuzzy Hash: 9E418521A04E468DEB159F27941037922D6FF64BB4F9446F5EE6DA7BE5DE3CE0418300
                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000001.00000002.2936598900.00007FFE01381000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FFE01380000, based on PE: true
                                                                                                                                • Associated: 00000001.00000002.2936583511.00007FFE01380000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                • Associated: 00000001.00000002.2936654293.00007FFE01435000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                • Associated: 00000001.00000002.2936681696.00007FFE0146F000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                • Associated: 00000001.00000002.2936696034.00007FFE01472000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_1_2_7ffe01380000_3OQL58yflv.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: ErrorLast$AddressProcValue
                                                                                                                                • String ID: FlsGetValue$LCMapStringEx
                                                                                                                                • API String ID: 3663398396-552164261
                                                                                                                                • Opcode ID: 2fbef8ac5fa32344c392bc212f7686f577a38a256ad51ea740f3a39413ddaeb9
                                                                                                                                • Instruction ID: 33b9b38c935ecd1f599fcaf55f45d684b4d10eea6d143dfffbab610285f6687a
                                                                                                                                • Opcode Fuzzy Hash: 2fbef8ac5fa32344c392bc212f7686f577a38a256ad51ea740f3a39413ddaeb9
                                                                                                                                • Instruction Fuzzy Hash: C751CF65F0DB5382EB549B25B90027963A0AF49BD8F4A4536DD9D8B7F4DE3CE846C200
                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000001.00000002.2938118027.00007FFE11BB1000.00000020.00000001.01000000.00000015.sdmp, Offset: 00007FFE11BB0000, based on PE: true
                                                                                                                                • Associated: 00000001.00000002.2938101310.00007FFE11BB0000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                • Associated: 00000001.00000002.2938133567.00007FFE11BB3000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                • Associated: 00000001.00000002.2938149100.00007FFE11BB4000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                                • Associated: 00000001.00000002.2938163229.00007FFE11BB5000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_1_2_7ffe11bb0000_3OQL58yflv.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: _wassertmemcpymemmove
                                                                                                                                • String ID: @$cfbState->usedKeyStream <= segment_len$src/raw_cfb.c
                                                                                                                                • API String ID: 750734614-1361193148
                                                                                                                                • Opcode ID: 291840892e0951460bb4d7aa888ad5ee9f86b5d89407f6ece59ae0693007ec5f
                                                                                                                                • Instruction ID: de31c83f2256a307064e42fd553536484b124fa6fa7055d2f33e4ac91a8fdffe
                                                                                                                                • Opcode Fuzzy Hash: 291840892e0951460bb4d7aa888ad5ee9f86b5d89407f6ece59ae0693007ec5f
                                                                                                                                • Instruction Fuzzy Hash: C851FFA2B18F81C6EB218F2AE4059696368FB95BE4F046671DF8D13B55EF3CE191C304
                                                                                                                                APIs
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000001.00000002.2936598900.00007FFE01381000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FFE01380000, based on PE: true
                                                                                                                                • Associated: 00000001.00000002.2936583511.00007FFE01380000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                • Associated: 00000001.00000002.2936654293.00007FFE01435000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                • Associated: 00000001.00000002.2936681696.00007FFE0146F000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                • Associated: 00000001.00000002.2936696034.00007FFE01472000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_1_2_7ffe01380000_3OQL58yflv.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: Name::doName::operator+Name::operator+=Pchar$NameName::Name::append
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 3659116837-0
                                                                                                                                • Opcode ID: 6a84b5c52dd4d7f0a5c210771edd0bbc2f114ba8d2af6fa718f332cbf26e742e
                                                                                                                                • Instruction ID: 258ecd09413b5ecc6d7610dc7d39ef9eb9b77c54d4a28795d71c4164bee4d7a7
                                                                                                                                • Opcode Fuzzy Hash: 6a84b5c52dd4d7f0a5c210771edd0bbc2f114ba8d2af6fa718f332cbf26e742e
                                                                                                                                • Instruction Fuzzy Hash: 0E614572A08B9289E711CF64E8907BD3BA1BB45798F558035EA4E4B7B9EF3DE445C300
                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000001.00000002.2938850050.00007FFE1A451000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE1A450000, based on PE: true
                                                                                                                                • Associated: 00000001.00000002.2938833625.00007FFE1A450000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                • Associated: 00000001.00000002.2938872035.00007FFE1A463000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                • Associated: 00000001.00000002.2938888895.00007FFE1A468000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                • Associated: 00000001.00000002.2938904937.00007FFE1A469000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_1_2_7ffe1a450000_3OQL58yflv.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: Name::operator+
                                                                                                                                • String ID: {for
                                                                                                                                • API String ID: 2943138195-864106941
                                                                                                                                • Opcode ID: ad201dfe96a96ae0dc6555201844fc758e8e36effd4b63a30410ed7392a88b68
                                                                                                                                • Instruction ID: a7c774f889c1db850d00febc479d16f6673b4272eb53b0ad85fbbb64df639d16
                                                                                                                                • Opcode Fuzzy Hash: ad201dfe96a96ae0dc6555201844fc758e8e36effd4b63a30410ed7392a88b68
                                                                                                                                • Instruction Fuzzy Hash: 4B513CB2B08E45A9F711AF26D4413F837A1EB45B58F4084B2EA4C07BA5DF7CD564C700
                                                                                                                                APIs
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000001.00000002.2938193676.00007FFE11EA1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFE11EA0000, based on PE: true
                                                                                                                                • Associated: 00000001.00000002.2938178726.00007FFE11EA0000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                • Associated: 00000001.00000002.2938214377.00007FFE11EB8000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                • Associated: 00000001.00000002.2938214377.00007FFE11EBC000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                • Associated: 00000001.00000002.2938247018.00007FFE11EC4000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                • Associated: 00000001.00000002.2938262044.00007FFE11EC5000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_1_2_7ffe11ea0000_3OQL58yflv.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: DeallocEval_Thread$Bytes_FromList_ModuleRestoreSaveSizeStateStringType_
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 2831925710-0
                                                                                                                                • Opcode ID: ae1edbe514e34c628d084e20ef8e3ec8416522384ac6af6e2e6a82bbf527068e
                                                                                                                                • Instruction ID: cbaf980c637142245792774e24cebe925a6173bc5602419dd1fd6d5d38d3c06f
                                                                                                                                • Opcode Fuzzy Hash: ae1edbe514e34c628d084e20ef8e3ec8416522384ac6af6e2e6a82bbf527068e
                                                                                                                                • Instruction Fuzzy Hash: 54516E22A08F4286EB649B56AD5467A63A8FF58B71F140276DF5E037A0EF3CE450C304
                                                                                                                                APIs
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000001.00000002.2937962236.00007FFE11511000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFE11510000, based on PE: true
                                                                                                                                • Associated: 00000001.00000002.2937944561.00007FFE11510000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                • Associated: 00000001.00000002.2937979185.00007FFE11519000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                • Associated: 00000001.00000002.2938006495.00007FFE11521000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                • Associated: 00000001.00000002.2938023263.00007FFE11523000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_1_2_7ffe11510000_3OQL58yflv.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: Err_Long_Occurred$Arg_KeywordsUnpack
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 591546834-0
                                                                                                                                • Opcode ID: 76780f2171b9a0c666538e7470a80e626d3e221b20e6fde9062a3a99cfec385c
                                                                                                                                • Instruction ID: eac910b43ba9baf18d62e0803e807efcfadbd0f508ffa4b8ee724519ad4500ca
                                                                                                                                • Opcode Fuzzy Hash: 76780f2171b9a0c666538e7470a80e626d3e221b20e6fde9062a3a99cfec385c
                                                                                                                                • Instruction Fuzzy Hash: 25419262A59F4146FF529B23A49037522AABF06BBAF180675DE1D437B0EFBCE444C250
                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000001.00000002.2938850050.00007FFE1A451000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE1A450000, based on PE: true
                                                                                                                                • Associated: 00000001.00000002.2938833625.00007FFE1A450000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                • Associated: 00000001.00000002.2938872035.00007FFE1A463000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                • Associated: 00000001.00000002.2938888895.00007FFE1A468000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                • Associated: 00000001.00000002.2938904937.00007FFE1A469000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_1_2_7ffe1a450000_3OQL58yflv.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: NameName::atol
                                                                                                                                • String ID: `template-parameter$void
                                                                                                                                • API String ID: 2130343216-4057429177
                                                                                                                                • Opcode ID: 1a349dcf90f4e371f1810c8875e562b3843b42aeee856190ba29246ab6ec8260
                                                                                                                                • Instruction ID: 65f398a89f83fb43c1b66a9be4ed9a392c78d19a3d9c7cbe8bf1b71a77ebed61
                                                                                                                                • Opcode Fuzzy Hash: 1a349dcf90f4e371f1810c8875e562b3843b42aeee856190ba29246ab6ec8260
                                                                                                                                • Instruction Fuzzy Hash: 7A414BA2F08F5688FB11DBA2D8512FC23B1BB48BA4F5441B6DE0C17669DF7CA565C340
                                                                                                                                APIs
                                                                                                                                • GetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0 ref: 00007FFE01391F36
                                                                                                                                • SetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0 ref: 00007FFE01391F7D
                                                                                                                                  • Part of subcall function 00007FFE01391FC0: EnterCriticalSection.API-MS-WIN-CORE-SYNCH-L1-1-0(?,?,00000000,00007FFE01391FB0), ref: 00007FFE01391FEC
                                                                                                                                  • Part of subcall function 00007FFE01391FC0: LeaveCriticalSection.API-MS-WIN-CORE-SYNCH-L1-1-0(?,?,00000000,00007FFE01391FB0), ref: 00007FFE01392008
                                                                                                                                • TlsGetValue.API-MS-WIN-CORE-PROCESSTHREADS-L1-1-0 ref: 00007FFE013D2B92
                                                                                                                                • GetProcAddress.API-MS-WIN-CORE-LIBRARYLOADER-L1-1-0 ref: 00007FFE013D2BA8
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000001.00000002.2936598900.00007FFE01381000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FFE01380000, based on PE: true
                                                                                                                                • Associated: 00000001.00000002.2936583511.00007FFE01380000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                • Associated: 00000001.00000002.2936654293.00007FFE01435000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                • Associated: 00000001.00000002.2936681696.00007FFE0146F000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                • Associated: 00000001.00000002.2936696034.00007FFE01472000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_1_2_7ffe01380000_3OQL58yflv.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: CriticalErrorLastSection$AddressEnterLeaveProcValue
                                                                                                                                • String ID: FlsGetValue$LCMapStringEx
                                                                                                                                • API String ID: 2861905401-552164261
                                                                                                                                • Opcode ID: 856ffaa09310a5782805b4071b760ed4b18f18c90a9ebf3c2d04c7b4fc712d45
                                                                                                                                • Instruction ID: 3afb06abd31338cc793ebb5a81dba82c7f2ad7fc4fbcf2f67e0cbfc304322d37
                                                                                                                                • Opcode Fuzzy Hash: 856ffaa09310a5782805b4071b760ed4b18f18c90a9ebf3c2d04c7b4fc712d45
                                                                                                                                • Instruction Fuzzy Hash: 22316066B09B0286FB049B28F85017963A1AF483A4F454636DAAD4B7F4EF7CE849C740
                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000001.00000002.2938850050.00007FFE1A451000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE1A450000, based on PE: true
                                                                                                                                • Associated: 00000001.00000002.2938833625.00007FFE1A450000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                • Associated: 00000001.00000002.2938872035.00007FFE1A463000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                • Associated: 00000001.00000002.2938888895.00007FFE1A468000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                • Associated: 00000001.00000002.2938904937.00007FFE1A469000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_1_2_7ffe1a450000_3OQL58yflv.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: Name::operator+Replicator::operator[]
                                                                                                                                • String ID: ,...$,<ellipsis>$...$<ellipsis>$void
                                                                                                                                • API String ID: 1405650943-2211150622
                                                                                                                                • Opcode ID: cc95b6719b0dfac949915fa95283a824f9a94d2610a8c8b5f10b5de908d24d67
                                                                                                                                • Instruction ID: a452b16370b518dbc48d18b56aeada359cb9f7a9f502f39c13c0ae49ebffb65d
                                                                                                                                • Opcode Fuzzy Hash: cc95b6719b0dfac949915fa95283a824f9a94d2610a8c8b5f10b5de908d24d67
                                                                                                                                • Instruction Fuzzy Hash: A64126B2B08E469CF7029BA6D8502B837B1BB08B68F9445F2CA5C13765DF7CA564D700
                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000001.00000002.2938850050.00007FFE1A451000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE1A450000, based on PE: true
                                                                                                                                • Associated: 00000001.00000002.2938833625.00007FFE1A450000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                • Associated: 00000001.00000002.2938872035.00007FFE1A463000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                • Associated: 00000001.00000002.2938888895.00007FFE1A468000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                • Associated: 00000001.00000002.2938904937.00007FFE1A469000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_1_2_7ffe1a450000_3OQL58yflv.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: Name::operator+
                                                                                                                                • String ID: char $int $long $short $unsigned
                                                                                                                                • API String ID: 2943138195-3894466517
                                                                                                                                • Opcode ID: 041e2dffe1b489bc893f09ff0a4f423b3d9eca273271e83df22d622629981137
                                                                                                                                • Instruction ID: 1401689a4dfaf7cc22e032df7bb4adae8887ced41eef325a4d0b7d3a7c4ee6aa
                                                                                                                                • Opcode Fuzzy Hash: 041e2dffe1b489bc893f09ff0a4f423b3d9eca273271e83df22d622629981137
                                                                                                                                • Instruction Fuzzy Hash: FA3151B2B18F5188FB01AF6AD8541BC27B2BB09B55F4481F2DA4C07779DE3C9568CB10
                                                                                                                                APIs
                                                                                                                                • GetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0(?,?,?,00007FFE01394365), ref: 00007FFE01395978
                                                                                                                                • SetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0(?,?,?,00007FFE01394365), ref: 00007FFE013959C8
                                                                                                                                • GetProcAddress.API-MS-WIN-CORE-LIBRARYLOADER-L1-1-0(?,?,?,00007FFE01394365), ref: 00007FFE013D33AC
                                                                                                                                • TlsGetValue.API-MS-WIN-CORE-PROCESSTHREADS-L1-1-0(?,?,?,00007FFE01394365), ref: 00007FFE013D340F
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000001.00000002.2936598900.00007FFE01381000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FFE01380000, based on PE: true
                                                                                                                                • Associated: 00000001.00000002.2936583511.00007FFE01380000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                • Associated: 00000001.00000002.2936654293.00007FFE01435000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                • Associated: 00000001.00000002.2936681696.00007FFE0146F000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                • Associated: 00000001.00000002.2936696034.00007FFE01472000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_1_2_7ffe01380000_3OQL58yflv.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: ErrorLast$AddressProcValue
                                                                                                                                • String ID: FlsGetValue$LCMapStringEx
                                                                                                                                • API String ID: 3663398396-552164261
                                                                                                                                • Opcode ID: 77e91805ef6c2c8d15ad574c41aafa570b64a8389509183a2b93bcd64b946661
                                                                                                                                • Instruction ID: 001c6de95c322e2078b91755c1efa99d5e35c78c16e1cfe46dbc3c871b036814
                                                                                                                                • Opcode Fuzzy Hash: 77e91805ef6c2c8d15ad574c41aafa570b64a8389509183a2b93bcd64b946661
                                                                                                                                • Instruction Fuzzy Hash: 1C31BF61F1AB0282FB048B54F85017823A1BF49BE8F455135ED9D5F7B4EE2CF8858340
                                                                                                                                APIs
                                                                                                                                • GetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0(?,?,?,00007FFE013D0FE2,?,?,00000000,00007FFE01392DE9,?,?,?,00007FFE013D3A07), ref: 00007FFE01383978
                                                                                                                                • SetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0(?,?,?,00007FFE013D0FE2,?,?,00000000,00007FFE01392DE9,?,?,?,00007FFE013D3A07), ref: 00007FFE013839C8
                                                                                                                                • GetProcAddress.API-MS-WIN-CORE-LIBRARYLOADER-L1-1-0(?,?,?,00007FFE013D0FE2,?,?,00000000,00007FFE01392DE9,?,?,?,00007FFE013D3A07), ref: 00007FFE013CBBB8
                                                                                                                                • TlsGetValue.API-MS-WIN-CORE-PROCESSTHREADS-L1-1-0(?,?,?,00007FFE013D0FE2,?,?,00000000,00007FFE01392DE9,?,?,?,00007FFE013D3A07), ref: 00007FFE013CBC1B
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000001.00000002.2936598900.00007FFE01381000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FFE01380000, based on PE: true
                                                                                                                                • Associated: 00000001.00000002.2936583511.00007FFE01380000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                • Associated: 00000001.00000002.2936654293.00007FFE01435000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                • Associated: 00000001.00000002.2936681696.00007FFE0146F000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                • Associated: 00000001.00000002.2936696034.00007FFE01472000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_1_2_7ffe01380000_3OQL58yflv.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: ErrorLast$AddressProcValue
                                                                                                                                • String ID: FlsGetValue$LCMapStringEx
                                                                                                                                • API String ID: 3663398396-552164261
                                                                                                                                • Opcode ID: d0ae5395c9465d8d5a6c210d7dce74df9189868eb8276c80af6a09405f8d0d1e
                                                                                                                                • Instruction ID: af1a1a8142cd39882d03be415aee14543a98bcd65f0f45227d93468aea3590fc
                                                                                                                                • Opcode Fuzzy Hash: d0ae5395c9465d8d5a6c210d7dce74df9189868eb8276c80af6a09405f8d0d1e
                                                                                                                                • Instruction Fuzzy Hash: 5C31CE21F1AB0282FB149B55F85117863A1AF48BE8F455135ED5E5F7B8EE3CF8858340
                                                                                                                                APIs
                                                                                                                                • LoadLibraryExW.API-MS-WIN-CORE-LIBRARYLOADER-L1-1-0(?,?,?,00007FFE01395C62,?,?,?,00007FFE01392DD6,?,?,?,00007FFE013D3A07), ref: 00007FFE0139B9EA
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000001.00000002.2936598900.00007FFE01381000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FFE01380000, based on PE: true
                                                                                                                                • Associated: 00000001.00000002.2936583511.00007FFE01380000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                • Associated: 00000001.00000002.2936654293.00007FFE01435000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                • Associated: 00000001.00000002.2936681696.00007FFE0146F000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                • Associated: 00000001.00000002.2936696034.00007FFE01472000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_1_2_7ffe01380000_3OQL58yflv.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: LibraryLoad
                                                                                                                                • String ID: api-ms-$ext-ms-
                                                                                                                                • API String ID: 1029625771-537541572
                                                                                                                                • Opcode ID: 752a545cdf87f99411e6b8a1b9852925cc0a22551ba3af9ac3c65f885d221484
                                                                                                                                • Instruction ID: d63e0943bf9c7a9ff75981a4beb90498876e79b669e3acd8bff157d7e4a799e6
                                                                                                                                • Opcode Fuzzy Hash: 752a545cdf87f99411e6b8a1b9852925cc0a22551ba3af9ac3c65f885d221484
                                                                                                                                • Instruction Fuzzy Hash: 38219C21A29B5281EB149F56A8445B863A4EF49FB4F5A1635CE2E4BBF4DF7CE0018300
                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000001.00000002.2937962236.00007FFE11511000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFE11510000, based on PE: true
                                                                                                                                • Associated: 00000001.00000002.2937944561.00007FFE11510000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                • Associated: 00000001.00000002.2937979185.00007FFE11519000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                • Associated: 00000001.00000002.2938006495.00007FFE11521000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                • Associated: 00000001.00000002.2938023263.00007FFE11523000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_1_2_7ffe11510000_3OQL58yflv.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: Arg_AuditFreeMem_ParseSizeSys_Tuple_
                                                                                                                                • String ID: et:gethostbyname$idna$socket.gethostbyname
                                                                                                                                • API String ID: 3195760359-1353326193
                                                                                                                                • Opcode ID: 6e83312ff47425ff525c0c0613081a62e8b85bf134393660fab4544ad1c70ea1
                                                                                                                                • Instruction ID: 1bd21d7fc7d425a4bb3d05fc5cde5f547d723e606012495ec9422c83acf77104
                                                                                                                                • Opcode Fuzzy Hash: 6e83312ff47425ff525c0c0613081a62e8b85bf134393660fab4544ad1c70ea1
                                                                                                                                • Instruction Fuzzy Hash: 54116661718E4282E7119B67E4401AA77A9FF88BE4F401575EE4D47B75DF3CD145C700
                                                                                                                                APIs
                                                                                                                                • GetModuleHandleW.KERNEL32(?,?,?,00007FFE130C19BF,?,?,?,00007FFE130C1D72), ref: 00007FFE130C1A77
                                                                                                                                • GetProcAddress.KERNEL32(?,?,?,00007FFE130C19BF,?,?,?,00007FFE130C1D72), ref: 00007FFE130C1A94
                                                                                                                                • GetProcAddress.KERNEL32(?,?,?,00007FFE130C19BF,?,?,?,00007FFE130C1D72), ref: 00007FFE130C1AB0
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000001.00000002.2938510031.00007FFE130C1000.00000020.00000001.01000000.00000012.sdmp, Offset: 00007FFE130C0000, based on PE: true
                                                                                                                                • Associated: 00000001.00000002.2938494029.00007FFE130C0000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                • Associated: 00000001.00000002.2938526688.00007FFE130C4000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                • Associated: 00000001.00000002.2938542624.00007FFE130C6000.00000004.00000001.01000000.00000012.sdmp
                                                                                                                                • Associated: 00000001.00000002.2938561193.00007FFE130C7000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_1_2_7ffe130c0000_3OQL58yflv.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: AddressProc$HandleModule
                                                                                                                                • String ID: AcquireSRWLockExclusive$KERNEL32.DLL$ReleaseSRWLockExclusive
                                                                                                                                • API String ID: 667068680-1718035505
                                                                                                                                • Opcode ID: 569aff2c8a71055cf750ae5eb90cedf63d0a170f748edc3833001cd4e531955e
                                                                                                                                • Instruction ID: de65a1edf7f796f8624c97377282f7ea1993b1871b169acaa18dbb931b158f11
                                                                                                                                • Opcode Fuzzy Hash: 569aff2c8a71055cf750ae5eb90cedf63d0a170f748edc3833001cd4e531955e
                                                                                                                                • Instruction Fuzzy Hash: 8C110920A4EF068DFE698B13B94027522E3AF647B4FDA55F5C81D267B0EE3CB4948340
                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000001.00000002.2938193676.00007FFE11EA1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFE11EA0000, based on PE: true
                                                                                                                                • Associated: 00000001.00000002.2938178726.00007FFE11EA0000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                • Associated: 00000001.00000002.2938214377.00007FFE11EB8000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                • Associated: 00000001.00000002.2938214377.00007FFE11EBC000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                • Associated: 00000001.00000002.2938247018.00007FFE11EC4000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                • Associated: 00000001.00000002.2938262044.00007FFE11EC5000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_1_2_7ffe11ea0000_3OQL58yflv.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: Err_$Arg_CallocKeywords_Mem_MemoryParseSizeStringTuple
                                                                                                                                • String ID: Invalid filter specifier for delta filter$|OO&
                                                                                                                                • API String ID: 3027669873-2010576982
                                                                                                                                • Opcode ID: 336c5a91de10221a7ac107a06ce397e35615ba1c3d762a728bcba285866718a9
                                                                                                                                • Instruction ID: 4bde7555c7b04ed7353577e09929dc494e2983b5b62a4de92ec95b3214681a29
                                                                                                                                • Opcode Fuzzy Hash: 336c5a91de10221a7ac107a06ce397e35615ba1c3d762a728bcba285866718a9
                                                                                                                                • Instruction Fuzzy Hash: 14110575A09E429AEB048F92EC445AA33A8FB49B74F504077CA0D47370EF3DE85AC754
                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000001.00000002.2938193676.00007FFE11EA1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFE11EA0000, based on PE: true
                                                                                                                                • Associated: 00000001.00000002.2938178726.00007FFE11EA0000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                • Associated: 00000001.00000002.2938214377.00007FFE11EB8000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                • Associated: 00000001.00000002.2938214377.00007FFE11EBC000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                • Associated: 00000001.00000002.2938247018.00007FFE11EC4000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                • Associated: 00000001.00000002.2938262044.00007FFE11EC5000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_1_2_7ffe11ea0000_3OQL58yflv.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: Err_$Arg_CallocKeywords_Mem_MemoryParseSizeStringTuple
                                                                                                                                • String ID: Invalid filter specifier for BCJ filter$|OO&
                                                                                                                                • API String ID: 3027669873-3728029529
                                                                                                                                • Opcode ID: 2d6ea4d5e37d11d661e885e2d778f54c5665b438574322f4c05504b752ed0ffa
                                                                                                                                • Instruction ID: 97df8f47c2ae77c1c536e8e1766a6022b3ac4b7e7214b4daaca198f24040465d
                                                                                                                                • Opcode Fuzzy Hash: 2d6ea4d5e37d11d661e885e2d778f54c5665b438574322f4c05504b752ed0ffa
                                                                                                                                • Instruction Fuzzy Hash: 8501D775A09E0299EB05CB92EC4456E33A8FB44B64F510077C61D43770EF3CE909C758
                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000001.00000002.2937962236.00007FFE11511000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFE11510000, based on PE: true
                                                                                                                                • Associated: 00000001.00000002.2937944561.00007FFE11510000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                • Associated: 00000001.00000002.2937979185.00007FFE11519000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                • Associated: 00000001.00000002.2938006495.00007FFE11521000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                • Associated: 00000001.00000002.2938023263.00007FFE11523000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_1_2_7ffe11510000_3OQL58yflv.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: Err_LongLong_Unsigned$FormatFromOccurredhtonl
                                                                                                                                • String ID: expected int, %s found
                                                                                                                                • API String ID: 3347179618-1178442907
                                                                                                                                • Opcode ID: da3e3c4209e0803c422f0d5816718bff87681f66fc10dfcfafae4169bba37942
                                                                                                                                • Instruction ID: 0b7b516e0724883abfdd57799fe6a0d94fbedfd8442d4a2acb1a9a480efca6c3
                                                                                                                                • Opcode Fuzzy Hash: da3e3c4209e0803c422f0d5816718bff87681f66fc10dfcfafae4169bba37942
                                                                                                                                • Instruction Fuzzy Hash: 21F03124E08E42C2EB669B23E89417963BABF49B75F580575D50F432B0EE3CE488C301
                                                                                                                                APIs
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000001.00000002.2938850050.00007FFE1A451000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE1A450000, based on PE: true
                                                                                                                                • Associated: 00000001.00000002.2938833625.00007FFE1A450000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                • Associated: 00000001.00000002.2938872035.00007FFE1A463000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                • Associated: 00000001.00000002.2938888895.00007FFE1A468000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                • Associated: 00000001.00000002.2938904937.00007FFE1A469000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_1_2_7ffe1a450000_3OQL58yflv.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: Name::operator+$NameName::
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 168861036-0
                                                                                                                                • Opcode ID: 80a690cc5bf4571957900b2ba371d1f0df44bd22a0b18b914ff66e25afa9163e
                                                                                                                                • Instruction ID: 24c0c3a8ebe99c137ac6d4cd598463d31257035ead3d87dccea6baa833f6595b
                                                                                                                                • Opcode Fuzzy Hash: 80a690cc5bf4571957900b2ba371d1f0df44bd22a0b18b914ff66e25afa9163e
                                                                                                                                • Instruction Fuzzy Hash: FB7169B2B08F4289F711DBA2E8902BC37A1BB44B64F5080F6DA1D176A5DF79E462C740
                                                                                                                                APIs
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000001.00000002.2936942642.00007FFE0EA71000.00000020.00000001.01000000.00000023.sdmp, Offset: 00007FFE0EA70000, based on PE: true
                                                                                                                                • Associated: 00000001.00000002.2936928583.00007FFE0EA70000.00000002.00000001.01000000.00000023.sdmp
                                                                                                                                • Associated: 00000001.00000002.2936956825.00007FFE0EA73000.00000002.00000001.01000000.00000023.sdmp
                                                                                                                                • Associated: 00000001.00000002.2936970557.00007FFE0EA74000.00000004.00000001.01000000.00000023.sdmp
                                                                                                                                • Associated: 00000001.00000002.2936984077.00007FFE0EA75000.00000002.00000001.01000000.00000023.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_1_2_7ffe0ea70000_3OQL58yflv.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: _aligned_free_aligned_malloc$callocfree
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 2511558924-0
                                                                                                                                • Opcode ID: 8fb2105fd7c39bf321232f7441f6f1b7ebcf620c9448f78960a77339e4ca462d
                                                                                                                                • Instruction ID: d991f8e5dce6d1fd1978d5b8c34621670d6dee945e8291210b16fa030cc87e22
                                                                                                                                • Opcode Fuzzy Hash: 8fb2105fd7c39bf321232f7441f6f1b7ebcf620c9448f78960a77339e4ca462d
                                                                                                                                • Instruction Fuzzy Hash: 7F413866A0AB4286EB15CB41E85023963B0FF9CB91F494531DECD47BA4FF3CE8968700
                                                                                                                                APIs
                                                                                                                                • GetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0 ref: 00007FFE013A1539
                                                                                                                                • SetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0 ref: 00007FFE013A158B
                                                                                                                                • FreeLibraryAndExitThread.API-MS-WIN-CORE-LIBRARYLOADER-L1-1-0 ref: 00007FFE013A15CE
                                                                                                                                • SetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0 ref: 00007FFE013A160F
                                                                                                                                • ExitThread.API-MS-WIN-CORE-PROCESSTHREADS-L1-1-0 ref: 00007FFE013A1617
                                                                                                                                  • Part of subcall function 00007FFE01393360: GetProcAddress.API-MS-WIN-CORE-LIBRARYLOADER-L1-1-0(?,?,00000000,00007FFE01392DA4,?,?,?,00007FFE013D3A07,?,?,?,?,00007FFE0139720A,?,?,?), ref: 00007FFE013933D9
                                                                                                                                  • Part of subcall function 00007FFE01393360: TlsGetValue.API-MS-WIN-CORE-PROCESSTHREADS-L1-1-0(?,?,00000000,00007FFE01392DA4,?,?,?,00007FFE013D3A07,?,?,?,?,00007FFE0139720A,?,?,?), ref: 00007FFE013CBC5E
                                                                                                                                • CloseHandle.API-MS-WIN-CORE-HANDLE-L1-1-0 ref: 00007FFE013D737B
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000001.00000002.2936598900.00007FFE01381000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FFE01380000, based on PE: true
                                                                                                                                • Associated: 00000001.00000002.2936583511.00007FFE01380000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                • Associated: 00000001.00000002.2936654293.00007FFE01435000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                • Associated: 00000001.00000002.2936681696.00007FFE0146F000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                • Associated: 00000001.00000002.2936696034.00007FFE01472000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_1_2_7ffe01380000_3OQL58yflv.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: ErrorLast$ExitThread$AddressCloseFreeHandleLibraryProcValue
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 1453037571-0
                                                                                                                                • Opcode ID: 95a0f58f1f6e3fd6a45dde49a93eb3ac7ba2312089a4b71b52672bd475ef0a8e
                                                                                                                                • Instruction ID: aab6464ab63e770ceb42c9e2c148ea3c5783d310e4bc54ae6de01213eefb6a64
                                                                                                                                • Opcode Fuzzy Hash: 95a0f58f1f6e3fd6a45dde49a93eb3ac7ba2312089a4b71b52672bd475ef0a8e
                                                                                                                                • Instruction Fuzzy Hash: A1319E20F0CA0382FB59A730959517C2269AF457B8F5A0734D87E4E6F6DF3CE8458240
                                                                                                                                APIs
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000001.00000002.2938850050.00007FFE1A451000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE1A450000, based on PE: true
                                                                                                                                • Associated: 00000001.00000002.2938833625.00007FFE1A450000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                • Associated: 00000001.00000002.2938872035.00007FFE1A463000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                • Associated: 00000001.00000002.2938888895.00007FFE1A468000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                • Associated: 00000001.00000002.2938904937.00007FFE1A469000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_1_2_7ffe1a450000_3OQL58yflv.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: free$EntryInterlockedListNamePush__unmallocstrcpy_s
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 3741236498-0
                                                                                                                                • Opcode ID: 0fa2fcead297943da074142d2fbec92c84cd60449e30d9ad217028345c3eb4d3
                                                                                                                                • Instruction ID: 2c22617a3d5710520fa0a9b58cdcc255bf9f470f33cf0513c182b61d8dba4c76
                                                                                                                                • Opcode Fuzzy Hash: 0fa2fcead297943da074142d2fbec92c84cd60449e30d9ad217028345c3eb4d3
                                                                                                                                • Instruction Fuzzy Hash: 2631A462B19F9151EA15EB27A80457973A0FF49FF0B5985B2DD2D033A0EE7DE865C300
                                                                                                                                APIs
                                                                                                                                • PyLong_FromUnsignedLongLong.PYTHON312(?,?,?,00007FFE11EAFBF9,?,?,?,00007FFE11EAFBA6,?,?,?,?,?,00007FFE11EAFB31), ref: 00007FFE11EAFD04
                                                                                                                                • PyUnicode_InternFromString.PYTHON312(?,?,?,00007FFE11EAFBF9,?,?,?,00007FFE11EAFBA6,?,?,?,?,?,00007FFE11EAFB31), ref: 00007FFE11EAFD15
                                                                                                                                • PyDict_SetItem.PYTHON312(?,?,?,00007FFE11EAFBF9,?,?,?,00007FFE11EAFBA6,?,?,?,?,?,00007FFE11EAFB31), ref: 00007FFE11EAFD30
                                                                                                                                • _Py_Dealloc.PYTHON312(?,?,?,00007FFE11EAFBF9,?,?,?,00007FFE11EAFBA6,?,?,?,?,?,00007FFE11EAFB31), ref: 00007FFE11EB5832
                                                                                                                                • _Py_Dealloc.PYTHON312(?,?,?,00007FFE11EAFBF9,?,?,?,00007FFE11EAFBA6,?,?,?,?,?,00007FFE11EAFB31), ref: 00007FFE11EB584B
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000001.00000002.2938193676.00007FFE11EA1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFE11EA0000, based on PE: true
                                                                                                                                • Associated: 00000001.00000002.2938178726.00007FFE11EA0000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                • Associated: 00000001.00000002.2938214377.00007FFE11EB8000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                • Associated: 00000001.00000002.2938214377.00007FFE11EBC000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                • Associated: 00000001.00000002.2938247018.00007FFE11EC4000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                • Associated: 00000001.00000002.2938262044.00007FFE11EC5000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_1_2_7ffe11ea0000_3OQL58yflv.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: DeallocFromLong$Dict_InternItemLong_StringUnicode_Unsigned
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 252187852-0
                                                                                                                                • Opcode ID: cb9f6d66bf81f09764608254249e219341844b8bb2ee10869aa05a2e7838a55f
                                                                                                                                • Instruction ID: 700881c0dc94f3f57f73b62f8a703804b05fe07888db8c5d4a6d3c45ba64557e
                                                                                                                                • Opcode Fuzzy Hash: cb9f6d66bf81f09764608254249e219341844b8bb2ee10869aa05a2e7838a55f
                                                                                                                                • Instruction Fuzzy Hash: 1E11302191CE4285EB5A4BA3AD1433E6298BF09FF2F0841B1D91E467F4DF3CE4458346
                                                                                                                                APIs
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000001.00000002.2937962236.00007FFE11511000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFE11510000, based on PE: true
                                                                                                                                • Associated: 00000001.00000002.2937944561.00007FFE11510000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                • Associated: 00000001.00000002.2937979185.00007FFE11519000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                • Associated: 00000001.00000002.2938006495.00007FFE11521000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                • Associated: 00000001.00000002.2938023263.00007FFE11523000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_1_2_7ffe11510000_3OQL58yflv.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: Eval_Thread$Restore$Err_ErrorFromLastSaveWindowsioctlsocket
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 863680558-0
                                                                                                                                • Opcode ID: 402f04bb7d9212ea08196dd74a4af80d90a7af6c1d596dfc1541eee4981e6f64
                                                                                                                                • Instruction ID: 3b27bfc02fbe28704bbfa2c1261df9ba11ddfd1644bcc1ee3f82f22c4b325b74
                                                                                                                                • Opcode Fuzzy Hash: 402f04bb7d9212ea08196dd74a4af80d90a7af6c1d596dfc1541eee4981e6f64
                                                                                                                                • Instruction Fuzzy Hash: A9018F71B08E52C2E3019B37E84006A77B9FF88BA0B505070EA5E43B34EE3CD895C701
                                                                                                                                APIs
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000001.00000002.2937962236.00007FFE11511000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFE11510000, based on PE: true
                                                                                                                                • Associated: 00000001.00000002.2937944561.00007FFE11510000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                • Associated: 00000001.00000002.2937979185.00007FFE11519000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                • Associated: 00000001.00000002.2938006495.00007FFE11521000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                • Associated: 00000001.00000002.2938023263.00007FFE11523000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_1_2_7ffe11510000_3OQL58yflv.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: Eval_LongThread$Err_ErrorLastLong_OccurredRestoreSaveclosesocket
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 586723380-0
                                                                                                                                • Opcode ID: 23548299ace1e7fad86091418f4de8e22443fcfbf1b6eb3ae723178575055703
                                                                                                                                • Instruction ID: c5c36217caecd1b8c42205ce96c44ff9fd804a8c4d2d49874a8652f3b0305b63
                                                                                                                                • Opcode Fuzzy Hash: 23548299ace1e7fad86091418f4de8e22443fcfbf1b6eb3ae723178575055703
                                                                                                                                • Instruction Fuzzy Hash: 3DF0F451E1CE4241FB566B636588074627F6F04BB1F5406B4D93E437F4FF6CA444C222
                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000001.00000002.2938850050.00007FFE1A451000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE1A450000, based on PE: true
                                                                                                                                • Associated: 00000001.00000002.2938833625.00007FFE1A450000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                • Associated: 00000001.00000002.2938872035.00007FFE1A463000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                • Associated: 00000001.00000002.2938888895.00007FFE1A468000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                • Associated: 00000001.00000002.2938904937.00007FFE1A469000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_1_2_7ffe1a450000_3OQL58yflv.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: abort$CallEncodePointerTranslator
                                                                                                                                • String ID: MOC$RCC
                                                                                                                                • API String ID: 2889003569-2084237596
                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000001.00000002.2938850050.00007FFE1A451000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE1A450000, based on PE: true
                                                                                                                                • Associated: 00000001.00000002.2938833625.00007FFE1A450000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                • Associated: 00000001.00000002.2938872035.00007FFE1A463000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                • Associated: 00000001.00000002.2938888895.00007FFE1A468000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                • Associated: 00000001.00000002.2938904937.00007FFE1A469000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_1_2_7ffe1a450000_3OQL58yflv.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: Name::operator+
                                                                                                                                • String ID: std::nullptr_t$std::nullptr_t $volatile$volatile
                                                                                                                                • API String ID: 2943138195-757766384
                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000001.00000002.2938850050.00007FFE1A451000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE1A450000, based on PE: true
                                                                                                                                • Associated: 00000001.00000002.2938833625.00007FFE1A450000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                • Associated: 00000001.00000002.2938872035.00007FFE1A463000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                • Associated: 00000001.00000002.2938888895.00007FFE1A468000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                • Associated: 00000001.00000002.2938904937.00007FFE1A469000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_1_2_7ffe1a450000_3OQL58yflv.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: abort$CallEncodePointerTranslator
                                                                                                                                • String ID: MOC$RCC
                                                                                                                                • API String ID: 2889003569-2084237596
                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000001.00000002.2938118027.00007FFE11BB1000.00000020.00000001.01000000.00000015.sdmp, Offset: 00007FFE11BB0000, based on PE: true
                                                                                                                                • Associated: 00000001.00000002.2938101310.00007FFE11BB0000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                • Associated: 00000001.00000002.2938133567.00007FFE11BB3000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                • Associated: 00000001.00000002.2938149100.00007FFE11BB4000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                                • Associated: 00000001.00000002.2938163229.00007FFE11BB5000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_1_2_7ffe11bb0000_3OQL58yflv.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: _wassertmemcpymemmove
                                                                                                                                • String ID: cfbState->usedKeyStream <= segment_len$src/raw_cfb.c
                                                                                                                                • API String ID: 750734614-977067101
                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000001.00000002.2938850050.00007FFE1A451000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE1A450000, based on PE: true
                                                                                                                                • Associated: 00000001.00000002.2938833625.00007FFE1A450000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                • Associated: 00000001.00000002.2938872035.00007FFE1A463000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                • Associated: 00000001.00000002.2938888895.00007FFE1A468000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                • Associated: 00000001.00000002.2938904937.00007FFE1A469000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_1_2_7ffe1a450000_3OQL58yflv.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: FileHeader
                                                                                                                                • String ID: MOC$RCC$csm$csm
                                                                                                                                • API String ID: 104395404-1441736206
                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000001.00000002.2936598900.00007FFE01381000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FFE01380000, based on PE: true
                                                                                                                                • Associated: 00000001.00000002.2936583511.00007FFE01380000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                • Associated: 00000001.00000002.2936654293.00007FFE01435000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                • Associated: 00000001.00000002.2936681696.00007FFE0146F000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                • Associated: 00000001.00000002.2936696034.00007FFE01472000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_1_2_7ffe01380000_3OQL58yflv.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: Name::operator+=$Replicator::operator+=
                                                                                                                                • String ID: ...
                                                                                                                                • API String ID: 3157425598-440645147
                                                                                                                                APIs
                                                                                                                                • PySequence_Size.PYTHON312(00000000,?,00000000,00007FFE11EAFE54), ref: 00007FFE11EAFED0
                                                                                                                                • PySequence_GetItem.PYTHON312(?,00000000,00007FFE11EAFE54), ref: 00007FFE11EAFF03
                                                                                                                                  • Part of subcall function 00007FFE11EAFF98: PyMapping_Check.PYTHON312(?,?,?,00000028,00007FFE11EAFF1F,?,00000000,00007FFE11EAFE54), ref: 00007FFE11EAFFBD
                                                                                                                                  • Part of subcall function 00007FFE11EAFF98: PyMapping_GetItemString.PYTHON312(?,?,?,00000028,00007FFE11EAFF1F,?,00000000,00007FFE11EAFE54), ref: 00007FFE11EAFFD7
                                                                                                                                  • Part of subcall function 00007FFE11EAFF98: PyLong_AsUnsignedLongLong.PYTHON312(?,?,?,00000028,00007FFE11EAFF1F,?,00000000,00007FFE11EAFE54), ref: 00007FFE11EAFFEC
                                                                                                                                  • Part of subcall function 00007FFE11EAFF98: PyErr_Occurred.PYTHON312(?,?,?,00000028,00007FFE11EAFF1F,?,00000000,00007FFE11EAFE54), ref: 00007FFE11EB0003
                                                                                                                                • PyErr_Format.PYTHON312(?,00000000,00007FFE11EAFE54), ref: 00007FFE11EB5891
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000001.00000002.2938193676.00007FFE11EA1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFE11EA0000, based on PE: true
                                                                                                                                • Associated: 00000001.00000002.2938178726.00007FFE11EA0000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                • Associated: 00000001.00000002.2938214377.00007FFE11EB8000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                • Associated: 00000001.00000002.2938214377.00007FFE11EBC000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                • Associated: 00000001.00000002.2938247018.00007FFE11EC4000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                • Associated: 00000001.00000002.2938262044.00007FFE11EC5000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_1_2_7ffe11ea0000_3OQL58yflv.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: Err_ItemLongMapping_Sequence_$CheckFormatLong_OccurredSizeStringUnsigned
                                                                                                                                • String ID: Too many filters - liblzma supports a maximum of %d
                                                                                                                                • API String ID: 1062705235-2617632755
                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000001.00000002.2938193676.00007FFE11EA1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFE11EA0000, based on PE: true
                                                                                                                                • Associated: 00000001.00000002.2938178726.00007FFE11EA0000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                • Associated: 00000001.00000002.2938214377.00007FFE11EB8000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                • Associated: 00000001.00000002.2938214377.00007FFE11EBC000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                • Associated: 00000001.00000002.2938247018.00007FFE11EC4000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                • Associated: 00000001.00000002.2938262044.00007FFE11EC5000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_1_2_7ffe11ea0000_3OQL58yflv.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: Err_$FormatOccurred
                                                                                                                                • String ID: Invalid compression preset: %u$Invalid filter chain for FORMAT_ALONE - must be a single LZMA1 filter
                                                                                                                                • API String ID: 4038069558-4068623215
                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000001.00000002.2937462956.00007FFE10231000.00000020.00000001.01000000.0000001B.sdmp, Offset: 00007FFE10230000, based on PE: true
                                                                                                                                • Associated: 00000001.00000002.2937447788.00007FFE10230000.00000002.00000001.01000000.0000001B.sdmp
                                                                                                                                • Associated: 00000001.00000002.2937477787.00007FFE10235000.00000002.00000001.01000000.0000001B.sdmp
                                                                                                                                • Associated: 00000001.00000002.2937492187.00007FFE10236000.00000004.00000001.01000000.0000001B.sdmp
                                                                                                                                • Associated: 00000001.00000002.2937505821.00007FFE10237000.00000002.00000001.01000000.0000001B.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_1_2_7ffe10230000_3OQL58yflv.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: _wassertmemcpy
                                                                                                                                • String ID: @$D:\a\pycryptodome\pycryptodome\src\hash_SHA2_template.c$hs->curlen < BLOCK_SIZE
                                                                                                                                • API String ID: 785382960-4190453202
                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000001.00000002.2937962236.00007FFE11511000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFE11510000, based on PE: true
                                                                                                                                • Associated: 00000001.00000002.2937944561.00007FFE11510000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                • Associated: 00000001.00000002.2937979185.00007FFE11519000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                • Associated: 00000001.00000002.2938006495.00007FFE11521000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                • Associated: 00000001.00000002.2938023263.00007FFE11523000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_1_2_7ffe11510000_3OQL58yflv.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: Buffer_ErrorLastRelease$Arg_CheckErr_FromLong_ParseSignalsSizeSsize_tTuple_
                                                                                                                                • String ID: y*|i:send
                                                                                                                                • API String ID: 3302300731-3140140677
                                                                                                                                • Opcode ID: 9d902cd2a80d089053f697548214e4ad2e14000c8d8ac14ad480a3aadbdcc03a
                                                                                                                                • Instruction ID: 9626010b79eb3ad9d6a3d882bb43374cd7b0a263e3bd508b1a1965d6a5e03613
                                                                                                                                • Opcode Fuzzy Hash: 9d902cd2a80d089053f697548214e4ad2e14000c8d8ac14ad480a3aadbdcc03a
                                                                                                                                • Instruction Fuzzy Hash: 9A112AB1A08F4692E7119F66E4443AA73B9FB887A4F100176DA8D83774EF7DD448CB50
                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000001.00000002.2938510031.00007FFE130C1000.00000020.00000001.01000000.00000012.sdmp, Offset: 00007FFE130C0000, based on PE: true
                                                                                                                                • Associated: 00000001.00000002.2938494029.00007FFE130C0000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                • Associated: 00000001.00000002.2938526688.00007FFE130C4000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                • Associated: 00000001.00000002.2938542624.00007FFE130C6000.00000004.00000001.01000000.00000012.sdmp
                                                                                                                                • Associated: 00000001.00000002.2938561193.00007FFE130C7000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_1_2_7ffe130c0000_3OQL58yflv.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: Arg_$ArgumentKeywordsUnpack
                                                                                                                                • String ID: argument 'query'$exec_query$str
                                                                                                                                • API String ID: 139282824-2846418808
                                                                                                                                • Opcode ID: 8a8a1c7d9e9e2c935ebeb999dcd53c24d42eb6c85c89a84b56cea3840578ce47
                                                                                                                                • Instruction ID: a41de501acbf1582efe800e06800a63e2c5f8f72a723de4925a00328f9812366
                                                                                                                                • Opcode Fuzzy Hash: 8a8a1c7d9e9e2c935ebeb999dcd53c24d42eb6c85c89a84b56cea3840578ce47
                                                                                                                                • Instruction Fuzzy Hash: DE018BB1A18F8289EA15CB02E8443A572E2FF64BA8FD141B5D94D27375EF7DE509CB00
                                                                                                                                APIs
                                                                                                                                • WriteConsoleW.API-MS-WIN-CORE-CONSOLE-L1-1-0(?,?,?,?,?,?,00007FFE0141EEF8), ref: 00007FFE0141D631
                                                                                                                                • GetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0(?,?,?,?,?,?,00007FFE0141EEF8), ref: 00007FFE0141D63D
                                                                                                                                  • Part of subcall function 00007FFE0141D710: CloseHandle.API-MS-WIN-CORE-HANDLE-L1-1-0 ref: 00007FFE0141D721
                                                                                                                                • CreateFileW.API-MS-WIN-CORE-FILE-L1-1-0(?,?,?,?,?,?,?,?,00007FFE0141EEF8), ref: 00007FFE0141D66F
                                                                                                                                • WriteConsoleW.API-MS-WIN-CORE-CONSOLE-L1-1-0(?,?,?,?,?,?,?,?,00007FFE0141EEF8), ref: 00007FFE0141D690
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000001.00000002.2936598900.00007FFE01381000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FFE01380000, based on PE: true
                                                                                                                                • Associated: 00000001.00000002.2936583511.00007FFE01380000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                • Associated: 00000001.00000002.2936654293.00007FFE01435000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                • Associated: 00000001.00000002.2936681696.00007FFE0146F000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                • Associated: 00000001.00000002.2936696034.00007FFE01472000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_1_2_7ffe01380000_3OQL58yflv.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast
                                                                                                                                • String ID: CONOUT$
                                                                                                                                • API String ID: 3230265001-3130406586
                                                                                                                                • Opcode ID: a7527d7c958e88b7a470d175e70615f5c762764475a5e5c50c5f4dd4f1ad084e
                                                                                                                                • Instruction ID: fa14cdceceb2ea461eb06ad66f0acf2bfd2792421f6ac9eef8734e6cb5e53b42
                                                                                                                                • Opcode Fuzzy Hash: a7527d7c958e88b7a470d175e70615f5c762764475a5e5c50c5f4dd4f1ad084e
                                                                                                                                • Instruction Fuzzy Hash: 5B113976A18A4686E7608F56E44436973A0FB8CB99F104535DA8E4BB38CF7CD855CB01
                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000001.00000002.2936598900.00007FFE01381000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FFE01380000, based on PE: true
                                                                                                                                • Associated: 00000001.00000002.2936583511.00007FFE01380000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                • Associated: 00000001.00000002.2936654293.00007FFE01435000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                • Associated: 00000001.00000002.2936681696.00007FFE0146F000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                • Associated: 00000001.00000002.2936696034.00007FFE01472000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_1_2_7ffe01380000_3OQL58yflv.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: AddressFreeHandleLibraryModuleProc
                                                                                                                                • String ID: CorExitProcess$mscoree.dll
                                                                                                                                • API String ID: 4061214504-1276376045
                                                                                                                                • Opcode ID: a0fa5bb4aeebfe9c680639c86b58bde78110295bab5223d35b999981a134c111
                                                                                                                                • Instruction ID: 9c7cf26328b68ab4f94fa4fd2657ea457397f789f67691f4258051d6809f8d13
                                                                                                                                • Opcode Fuzzy Hash: a0fa5bb4aeebfe9c680639c86b58bde78110295bab5223d35b999981a134c111
                                                                                                                                • Instruction Fuzzy Hash: 05F03A61A1DA0286FF548B60E8843792764AF59749F441435E40F8E2B4DF6CE898C740
                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000001.00000002.2938594897.00007FFE13301000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FFE13300000, based on PE: true
                                                                                                                                • Associated: 00000001.00000002.2938578259.00007FFE13300000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000001.00000002.2938612939.00007FFE13303000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000001.00000002.2938629391.00007FFE13305000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000001.00000002.2938646123.00007FFE13306000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_1_2_7ffe13300000_3OQL58yflv.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: Module_$FromInternObjectStateStringUnicode_
                                                                                                                                • String ID: close$error
                                                                                                                                • API String ID: 4029360594-371397155
                                                                                                                                • Opcode ID: b00ee18b52f09e43015f11ecc5196efd95cb15d53436f0639fb64e3f7d15bcef
                                                                                                                                • Instruction ID: 3e9b39983941d173775ccaac96f589a15e8dd15be820502070fcf9acc97b2239
                                                                                                                                • Opcode Fuzzy Hash: b00ee18b52f09e43015f11ecc5196efd95cb15d53436f0639fb64e3f7d15bcef
                                                                                                                                • Instruction Fuzzy Hash: 20F03A25A09E4795EA089B66F84407E2364BF2DBB4F444176DA2D673B0DF3CD0598308
                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000001.00000002.2937962236.00007FFE11511000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFE11510000, based on PE: true
                                                                                                                                • Associated: 00000001.00000002.2937944561.00007FFE11510000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                • Associated: 00000001.00000002.2937979185.00007FFE11519000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                • Associated: 00000001.00000002.2938006495.00007FFE11521000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                • Associated: 00000001.00000002.2938023263.00007FFE11523000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_1_2_7ffe11510000_3OQL58yflv.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: BuildDeallocErr_ObjectSizeValue_
                                                                                                                                • String ID: (is)$getaddrinfo failed
                                                                                                                                • API String ID: 3413694139-582941868
                                                                                                                                • Opcode ID: 6d3696d45c9a8b2b7f632d13abba6ccc3b07fd922a482b1a9f600298cf0d48ef
                                                                                                                                • Instruction ID: f9dd6cfdafcf996e3b9336124cd0343f0708006bdc31af5a230b158d79933ea5
                                                                                                                                • Opcode Fuzzy Hash: 6d3696d45c9a8b2b7f632d13abba6ccc3b07fd922a482b1a9f600298cf0d48ef
                                                                                                                                • Instruction Fuzzy Hash: 97F01C22A08E4381EB069F63E8981B823FBEF48BA5F455071CA1D46774EF7CE485C700
                                                                                                                                APIs
                                                                                                                                • GetCPInfo.API-MS-WIN-CORE-LOCALIZATION-L1-2-0(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 00007FFE013EED1C
                                                                                                                                • MultiByteToWideChar.API-MS-WIN-CORE-STRING-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 00007FFE013EEE3D
                                                                                                                                • MultiByteToWideChar.API-MS-WIN-CORE-STRING-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 00007FFE013EEF53
                                                                                                                                • MultiByteToWideChar.API-MS-WIN-CORE-STRING-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 00007FFE013EEFD9
                                                                                                                                • MultiByteToWideChar.API-MS-WIN-CORE-STRING-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 00007FFE013EF0A7
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000001.00000002.2936598900.00007FFE01381000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FFE01380000, based on PE: true
                                                                                                                                • Associated: 00000001.00000002.2936583511.00007FFE01380000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                • Associated: 00000001.00000002.2936654293.00007FFE01435000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                • Associated: 00000001.00000002.2936681696.00007FFE0146F000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                • Associated: 00000001.00000002.2936696034.00007FFE01472000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_1_2_7ffe01380000_3OQL58yflv.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: ByteCharMultiWide$Info
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 1775632426-0
                                                                                                                                • Opcode ID: 15a8164fef82a85ab5440084c303d4fae747831679e295b0d13bbbe827c8cb33
                                                                                                                                • Instruction ID: e77c89d90cc4e8006e9fd239c18274782c3c6715021722395ad2c5f58f2fcbf7
                                                                                                                                • Opcode Fuzzy Hash: 15a8164fef82a85ab5440084c303d4fae747831679e295b0d13bbbe827c8cb33
                                                                                                                                • Instruction Fuzzy Hash: 07D1C012E0C38246FB746B64849027E6AD5AF65794F574236E95C0EBFCCE7EE8858301
                                                                                                                                APIs
                                                                                                                                • GetFullPathNameW.API-MS-WIN-CORE-FILE-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,00007FFE013A1E19), ref: 00007FFE013A1E8A
                                                                                                                                • GetFullPathNameW.API-MS-WIN-CORE-FILE-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,00007FFE013A1E19), ref: 00007FFE013A1EB7
                                                                                                                                • GetFullPathNameW.API-MS-WIN-CORE-FILE-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,00007FFE013A1E19), ref: 00007FFE013D75C3
                                                                                                                                • GetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,00007FFE013A1E19), ref: 00007FFE013D75D0
                                                                                                                                • GetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,00007FFE013A1E19), ref: 00007FFE013D7607
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000001.00000002.2936598900.00007FFE01381000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FFE01380000, based on PE: true
                                                                                                                                • Associated: 00000001.00000002.2936583511.00007FFE01380000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                • Associated: 00000001.00000002.2936654293.00007FFE01435000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                • Associated: 00000001.00000002.2936681696.00007FFE0146F000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                • Associated: 00000001.00000002.2936696034.00007FFE01472000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_1_2_7ffe01380000_3OQL58yflv.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: FullNamePath$ErrorLast
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 457693415-0
                                                                                                                                • Opcode ID: 0f3d5973385eec4d98cb3dfa90842043fe91ebd008eb98af393fafc93bd508fb
                                                                                                                                • Instruction ID: dc65b648b8d0b790315bd1b356140d2d5a89b90975e5a505040afffe5878fa6f
                                                                                                                                • Opcode Fuzzy Hash: 0f3d5973385eec4d98cb3dfa90842043fe91ebd008eb98af393fafc93bd508fb
                                                                                                                                • Instruction Fuzzy Hash: 1631E125F08B5286FB24AB71E8044BC32A5BF44B88F594535DE5E6BBB5DF3CE8418340
                                                                                                                                APIs
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000001.00000002.2938850050.00007FFE1A451000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE1A450000, based on PE: true
                                                                                                                                • Associated: 00000001.00000002.2938833625.00007FFE1A450000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                • Associated: 00000001.00000002.2938872035.00007FFE1A463000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                • Associated: 00000001.00000002.2938888895.00007FFE1A468000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                • Associated: 00000001.00000002.2938904937.00007FFE1A469000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_1_2_7ffe1a450000_3OQL58yflv.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: NameName::$Name::operator+
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 826178784-0
                                                                                                                                • Opcode ID: f125dc20a4fc2cff283c2e4d5124f38be857c51718d1d3c9008137230ed817e4
                                                                                                                                • Instruction ID: c27719cab2395f36c17cfd406b8932f99f659b90677ac9e23bdfdc20e0fe4823
                                                                                                                                • Opcode Fuzzy Hash: f125dc20a4fc2cff283c2e4d5124f38be857c51718d1d3c9008137230ed817e4
                                                                                                                                • Instruction Fuzzy Hash: 54414CA2B19F5298EB10EB22E8541B827B4BF15FA4F9444F3DA4D537A5DF38E865C300
                                                                                                                                APIs
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000001.00000002.2938118027.00007FFE11BB1000.00000020.00000001.01000000.00000015.sdmp, Offset: 00007FFE11BB0000, based on PE: true
                                                                                                                                • Associated: 00000001.00000002.2938101310.00007FFE11BB0000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                • Associated: 00000001.00000002.2938133567.00007FFE11BB3000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                • Associated: 00000001.00000002.2938149100.00007FFE11BB4000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                                • Associated: 00000001.00000002.2938163229.00007FFE11BB5000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_1_2_7ffe11bb0000_3OQL58yflv.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: calloc$free$memcpy
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 3937003943-0
                                                                                                                                • Opcode ID: 9bc8d67156ad3f452768cdaea32a448c3d61317b4a210aaa2a65c8f186b35c59
                                                                                                                                • Instruction ID: 5eedbd76ac92de062582d0ef605d2892b51ddc1db48ac91669ad6e186961589c
                                                                                                                                • Opcode Fuzzy Hash: 9bc8d67156ad3f452768cdaea32a448c3d61317b4a210aaa2a65c8f186b35c59
                                                                                                                                • Instruction Fuzzy Hash: 51313625A09F41C6EB248F16E444B2962B9FF48BA0F1464B5DF4D07FA9EE3CE8958344
                                                                                                                                APIs
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000001.00000002.2938594897.00007FFE13301000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FFE13300000, based on PE: true
                                                                                                                                • Associated: 00000001.00000002.2938578259.00007FFE13300000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000001.00000002.2938612939.00007FFE13303000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000001.00000002.2938629391.00007FFE13305000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000001.00000002.2938646123.00007FFE13306000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_1_2_7ffe13300000_3OQL58yflv.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: List_$DeallocItem
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 1559017468-0
                                                                                                                                • Opcode ID: 0510465720fbbf57f064ff2e3727586b04389ca9bb4a7a224825a4f618bb6ef6
                                                                                                                                • Instruction ID: 28495415e6c956d2b22cfbedcf7e6d329cbe01a92e54528971544efb1404ef89
                                                                                                                                • Opcode Fuzzy Hash: 0510465720fbbf57f064ff2e3727586b04389ca9bb4a7a224825a4f618bb6ef6
                                                                                                                                • Instruction Fuzzy Hash: E021A932A18B028AEB248F12E5442AE73B1FB68FA0F844475DB5EA3765DF3DE055C304
                                                                                                                                APIs
                                                                                                                                  • Part of subcall function 00007FFE013A11EC: GetModuleHandleExW.API-MS-WIN-CORE-LIBRARYLOADER-L1-1-0(?,?,?,00007FFE013A1178), ref: 00007FFE013A1230
                                                                                                                                • CreateThread.API-MS-WIN-CORE-PROCESSTHREADS-L1-1-0 ref: 00007FFE013A46FA
                                                                                                                                • ResumeThread.API-MS-WIN-CORE-PROCESSTHREADS-L1-1-0 ref: 00007FFE013A4713
                                                                                                                                • GetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0 ref: 00007FFE013D838D
                                                                                                                                • CloseHandle.API-MS-WIN-CORE-HANDLE-L1-1-0 ref: 00007FFE013D83A9
                                                                                                                                • FreeLibrary.API-MS-WIN-CORE-LIBRARYLOADER-L1-1-0 ref: 00007FFE013D83B8
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000001.00000002.2936598900.00007FFE01381000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FFE01380000, based on PE: true
                                                                                                                                • Associated: 00000001.00000002.2936583511.00007FFE01380000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                • Associated: 00000001.00000002.2936654293.00007FFE01435000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                • Associated: 00000001.00000002.2936681696.00007FFE0146F000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                • Associated: 00000001.00000002.2936696034.00007FFE01472000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_1_2_7ffe01380000_3OQL58yflv.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: HandleThread$CloseCreateErrorFreeLastLibraryModuleResume
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 1364334503-0
                                                                                                                                • Opcode ID: b68a7a0fac91d9d1845244722fd2157da5691920a39cb700d62bacc8eb217cd8
                                                                                                                                • Instruction ID: bb9a92ac6fba721e9da5e08718599d3d8ee2ac0277d21f954622a3544a026179
                                                                                                                                • Opcode Fuzzy Hash: b68a7a0fac91d9d1845244722fd2157da5691920a39cb700d62bacc8eb217cd8
                                                                                                                                • Instruction Fuzzy Hash: 00219025A0EB4282FF249B64E8502B962A4BF45BB4F590735DA7E0A3F5DF7DF4008240
                                                                                                                                APIs
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000001.00000002.2936598900.00007FFE01381000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FFE01380000, based on PE: true
                                                                                                                                • Associated: 00000001.00000002.2936583511.00007FFE01380000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                • Associated: 00000001.00000002.2936654293.00007FFE01435000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                • Associated: 00000001.00000002.2936681696.00007FFE0146F000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                • Associated: 00000001.00000002.2936696034.00007FFE01472000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_1_2_7ffe01380000_3OQL58yflv.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: _set_statfp
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 1156100317-0
                                                                                                                                • Opcode ID: d87a420c425093582bf0768a505271f7d8736b4892105bec4a5daca04c7c3215
                                                                                                                                • Instruction ID: 7567850f8f2c5a80016aa86f62a34bb17ad59e0136e27b0b626cd884a6b4ed1c
                                                                                                                                • Opcode Fuzzy Hash: d87a420c425093582bf0768a505271f7d8736b4892105bec4a5daca04c7c3215
                                                                                                                                • Instruction Fuzzy Hash: 1711E52AE1CA3305FB961168E4C63791040BF96374F4B0A35EB7E6E2F7BE1CA9814200
                                                                                                                                APIs
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000001.00000002.2938594897.00007FFE13301000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FFE13300000, based on PE: true
                                                                                                                                • Associated: 00000001.00000002.2938578259.00007FFE13300000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000001.00000002.2938612939.00007FFE13303000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000001.00000002.2938629391.00007FFE13305000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000001.00000002.2938646123.00007FFE13306000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_1_2_7ffe13300000_3OQL58yflv.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: DeallocModule_State
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 1903735390-0
                                                                                                                                • Opcode ID: 29ba12ce9a091516bd5ec055b50f0585dfd5d964cbc4b820affa4f0832a20046
                                                                                                                                • Instruction ID: 7e16eada0ad6e39f9fbaa75d56ef4f5e44deeaec5ef999716a93a86e3ee32f52
                                                                                                                                • Opcode Fuzzy Hash: 29ba12ce9a091516bd5ec055b50f0585dfd5d964cbc4b820affa4f0832a20046
                                                                                                                                • Instruction Fuzzy Hash: DB212C35D09E82CDFB595F73C64437C32A4AB69B39F1440B1C6AEA21A1CF7EA484C309
                                                                                                                                APIs
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000001.00000002.2938193676.00007FFE11EA1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFE11EA0000, based on PE: true
                                                                                                                                • Associated: 00000001.00000002.2938178726.00007FFE11EA0000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                • Associated: 00000001.00000002.2938214377.00007FFE11EB8000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                • Associated: 00000001.00000002.2938214377.00007FFE11EBC000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                • Associated: 00000001.00000002.2938247018.00007FFE11EC4000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                • Associated: 00000001.00000002.2938262044.00007FFE11EC5000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_1_2_7ffe11ea0000_3OQL58yflv.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: Dealloc$Module_State
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 3434497292-0
                                                                                                                                • Opcode ID: 9b301df99932a2c34feb3b2f767aa745cc02169cdf38237671620287c41aeb36
                                                                                                                                • Instruction ID: 33d1c66f1b4933ee4cc4c968939bc7d1098298b4b5aeaa182ca70e901dddb400
                                                                                                                                • Opcode Fuzzy Hash: 9b301df99932a2c34feb3b2f767aa745cc02169cdf38237671620287c41aeb36
                                                                                                                                • Instruction Fuzzy Hash: 70210032D1EE0789FB594FB6CC1573A22A8BF14F25F1440B2D90E556A1CF3DA481D318
                                                                                                                                APIs
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000001.00000002.2937962236.00007FFE11511000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFE11510000, based on PE: true
                                                                                                                                • Associated: 00000001.00000002.2937944561.00007FFE11510000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                • Associated: 00000001.00000002.2937979185.00007FFE11519000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                • Associated: 00000001.00000002.2938006495.00007FFE11521000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                • Associated: 00000001.00000002.2938023263.00007FFE11523000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_1_2_7ffe11510000_3OQL58yflv.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: Eval_Thread$Err_Long_OccurredRestoreSaveshutdown
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 24305128-0
                                                                                                                                • Opcode ID: ab70f0809716880a260891902c4992cf86772b9ffdbb117dac050b74a4e95bf6
                                                                                                                                • Instruction ID: 0753a54175768fb4878c235a73022829eb7a052cb298bac3c6c2d14d191fab13
                                                                                                                                • Opcode Fuzzy Hash: ab70f0809716880a260891902c4992cf86772b9ffdbb117dac050b74a4e95bf6
                                                                                                                                • Instruction Fuzzy Hash: B5016D25B08F4282EB229B63B48407A627ABF48BB0B044674DA5E43774EF7CE485C620
                                                                                                                                APIs
                                                                                                                                  • Part of subcall function 00007FFE1A456E48: abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,00007FFE1A4529EE), ref: 00007FFE1A456E56
                                                                                                                                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFE1A45488B
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000001.00000002.2938850050.00007FFE1A451000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE1A450000, based on PE: true
                                                                                                                                • Associated: 00000001.00000002.2938833625.00007FFE1A450000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                • Associated: 00000001.00000002.2938872035.00007FFE1A463000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                • Associated: 00000001.00000002.2938888895.00007FFE1A468000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                • Associated: 00000001.00000002.2938904937.00007FFE1A469000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_1_2_7ffe1a450000_3OQL58yflv.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: abort
                                                                                                                                • String ID: $csm$csm
                                                                                                                                • API String ID: 4206212132-1512788406
                                                                                                                                • Opcode ID: bd14039b9dc44c48f3afba7226bd4a8f48c08aeb5fb2f86f7c5774b76e28317a
                                                                                                                                • Instruction ID: 981da8115c9b48803b9ad4d14fb071730699ec5304509786106cb108d2509734
                                                                                                                                • Opcode Fuzzy Hash: bd14039b9dc44c48f3afba7226bd4a8f48c08aeb5fb2f86f7c5774b76e28317a
                                                                                                                                • Instruction Fuzzy Hash: 8D71D4B2B08AC186D7659F26D04037D7BA1FB41FA8F0481B2DA8D0B6AACB3CD461C741
                                                                                                                                APIs
                                                                                                                                  • Part of subcall function 00007FFE1A456E48: abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,00007FFE1A4529EE), ref: 00007FFE1A456E56
                                                                                                                                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFE1A4545DB
                                                                                                                                • __FrameHandler3::FrameUnwindToEmptyState.LIBVCRUNTIME ref: 00007FFE1A4545EB
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000001.00000002.2938850050.00007FFE1A451000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE1A450000, based on PE: true
                                                                                                                                • Associated: 00000001.00000002.2938833625.00007FFE1A450000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                • Associated: 00000001.00000002.2938872035.00007FFE1A463000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                • Associated: 00000001.00000002.2938888895.00007FFE1A468000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                • Associated: 00000001.00000002.2938904937.00007FFE1A469000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_1_2_7ffe1a450000_3OQL58yflv.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: Frameabort$EmptyHandler3::StateUnwind
                                                                                                                                • String ID: csm$csm
                                                                                                                                • API String ID: 4108983575-3733052814
                                                                                                                                • Opcode ID: 08ef0bffa0d8dc861c4a01b7d2fd628c67e896dc6c26123b9582640005c51e48
                                                                                                                                • Instruction ID: de0bbe02d8b80d45672660b4dc0e76c3c97907b3f4d833729b3815f7139b15e7
                                                                                                                                • Opcode Fuzzy Hash: 08ef0bffa0d8dc861c4a01b7d2fd628c67e896dc6c26123b9582640005c51e48
                                                                                                                                • Instruction Fuzzy Hash: DC51A4B2B08A8586EB649B12914437976A1FB50FA4F1441F7DB4C4BBA6CF3CE571CB00
                                                                                                                                APIs
                                                                                                                                • GetProcAddress.API-MS-WIN-CORE-LIBRARYLOADER-L1-1-0(?,?,?,?,?,?,?,?,?,00007FFE013A383C), ref: 00007FFE01387A92
                                                                                                                                • LCMapStringW.API-MS-WIN-CORE-LOCALIZATION-L1-2-0(?,?,?,?,?,?,?,?,?,00007FFE013A383C), ref: 00007FFE013CEB94
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000001.00000002.2936598900.00007FFE01381000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FFE01380000, based on PE: true
                                                                                                                                • Associated: 00000001.00000002.2936583511.00007FFE01380000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                • Associated: 00000001.00000002.2936654293.00007FFE01435000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                • Associated: 00000001.00000002.2936681696.00007FFE0146F000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                • Associated: 00000001.00000002.2936696034.00007FFE01472000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_1_2_7ffe01380000_3OQL58yflv.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: AddressProcString
                                                                                                                                • String ID: IsValidLocaleName$LCMapStringEx
                                                                                                                                • API String ID: 3874510993-3130311144
                                                                                                                                • Opcode ID: 9b533e5280c762b994db7e40a40979f83a82ca94644ecff09b81028189333700
                                                                                                                                • Instruction ID: 4ae85a88e5569bcc03867964fbff4fad312a8c16fabf7a0c9f043b33822090c6
                                                                                                                                • Opcode Fuzzy Hash: 9b533e5280c762b994db7e40a40979f83a82ca94644ecff09b81028189333700
                                                                                                                                • Instruction Fuzzy Hash: B941DF22B19B4282FB648B15E8107B973E1BB48BD8F055235ED5D5B7B4EF3CE9058740
                                                                                                                                APIs
                                                                                                                                • GetProcAddress.API-MS-WIN-CORE-LIBRARYLOADER-L1-1-0(?,?,?,?,?,?,?,?,?,00007FFE013EF23F), ref: 00007FFE013ED648
                                                                                                                                • CompareStringW.API-MS-WIN-CORE-STRING-L1-1-0(?,?,?,?,?,?,?,?,?,00007FFE013EF23F), ref: 00007FFE013ED710
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000001.00000002.2936598900.00007FFE01381000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FFE01380000, based on PE: true
                                                                                                                                • Associated: 00000001.00000002.2936583511.00007FFE01380000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                • Associated: 00000001.00000002.2936654293.00007FFE01435000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                • Associated: 00000001.00000002.2936681696.00007FFE0146F000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                • Associated: 00000001.00000002.2936696034.00007FFE01472000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_1_2_7ffe01380000_3OQL58yflv.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: AddressCompareProcString
                                                                                                                                • String ID: AppPolicyGetThreadInitializationType$CompareStringEx
                                                                                                                                • API String ID: 108076903-1200376162
                                                                                                                                • Opcode ID: aa9721124bbc1be26fdb9ae6b67df0e1d7e2398948356b7dae4485f8b19b2e75
                                                                                                                                • Instruction ID: b7b148b0f19cd61b3476b87588634da550e56c479a795ae764f4aa1ba3313026
                                                                                                                                • Opcode Fuzzy Hash: aa9721124bbc1be26fdb9ae6b67df0e1d7e2398948356b7dae4485f8b19b2e75
                                                                                                                                • Instruction Fuzzy Hash: 9131B531B09B4286EB54CB25E81076563E0FB58BE8F455135ED5D4B7B8DF3CE8458740
                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000001.00000002.2938850050.00007FFE1A451000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE1A450000, based on PE: true
                                                                                                                                • Associated: 00000001.00000002.2938833625.00007FFE1A450000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                • Associated: 00000001.00000002.2938872035.00007FFE1A463000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                • Associated: 00000001.00000002.2938888895.00007FFE1A468000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                • Associated: 00000001.00000002.2938904937.00007FFE1A469000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_1_2_7ffe1a450000_3OQL58yflv.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: NameName::
                                                                                                                                • String ID: %lf
                                                                                                                                • API String ID: 1333004437-2891890143
                                                                                                                                • Opcode ID: 7e0deb2cf17bd330c849068a4ca2fc9bc064bfcc9212df10860184869afe9d43
                                                                                                                                • Instruction ID: d2b3330a5854bd68c2839003d70c3650593197a4c269079963081034022440b0
                                                                                                                                • Opcode Fuzzy Hash: 7e0deb2cf17bd330c849068a4ca2fc9bc064bfcc9212df10860184869afe9d43
                                                                                                                                • Instruction Fuzzy Hash: B331B7A1B0CF4685EA11EB13A8501BA7361BF55FA0F5481F7EA5E53771EE2CE162C700
                                                                                                                                APIs
                                                                                                                                • GetProcAddress.API-MS-WIN-CORE-LIBRARYLOADER-L1-1-0(?,?,?,?,?,?,?,00007FFE013D80F1,?,?,?,?,?,?,?,00000000), ref: 00007FFE013ED8B2
                                                                                                                                • GetDateFormatW.API-MS-WIN-CORE-DATETIME-L1-1-0(?,?,?,?,?,?,?,00007FFE013D80F1,?,?,?,?,?,?,?,00000000), ref: 00007FFE013ED960
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000001.00000002.2936598900.00007FFE01381000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FFE01380000, based on PE: true
                                                                                                                                • Associated: 00000001.00000002.2936583511.00007FFE01380000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                • Associated: 00000001.00000002.2936654293.00007FFE01435000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                • Associated: 00000001.00000002.2936681696.00007FFE0146F000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                • Associated: 00000001.00000002.2936696034.00007FFE01472000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_1_2_7ffe01380000_3OQL58yflv.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: AddressDateFormatProc
                                                                                                                                • String ID: GetDateFormatEx$RoInitialize
                                                                                                                                • API String ID: 2680382325-2816274727
                                                                                                                                • Opcode ID: 9debc0c5372f8b20ce6dc845debd78ef40473b943a3ea9a30b28a14f0f99d8f9
                                                                                                                                • Instruction ID: edd4fceb780c6654e149a1c97426c7fbd291097949f0a9e1744b9d2063977e34
                                                                                                                                • Opcode Fuzzy Hash: 9debc0c5372f8b20ce6dc845debd78ef40473b943a3ea9a30b28a14f0f99d8f9
                                                                                                                                • Instruction Fuzzy Hash: 67317E71B09B4282FB14CB16E81066567E1BB98BD4F0A5235EE5D5BBF8DF3CE8058740
                                                                                                                                APIs
                                                                                                                                • GetProcAddress.API-MS-WIN-CORE-LIBRARYLOADER-L1-1-0(?,?,?,?,?,?,?,00007FFE013D8194,?,?,?,?,?,?,?,00000000), ref: 00007FFE013EDBEE
                                                                                                                                • GetTimeFormatW.API-MS-WIN-CORE-DATETIME-L1-1-0(?,?,?,?,?,?,?,00007FFE013D8194,?,?,?,?,?,?,?,00000000), ref: 00007FFE013EDC96
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000001.00000002.2936598900.00007FFE01381000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FFE01380000, based on PE: true
                                                                                                                                • Associated: 00000001.00000002.2936583511.00007FFE01380000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                • Associated: 00000001.00000002.2936654293.00007FFE01435000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                • Associated: 00000001.00000002.2936681696.00007FFE0146F000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                • Associated: 00000001.00000002.2936696034.00007FFE01472000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_1_2_7ffe01380000_3OQL58yflv.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: AddressFormatProcTime
                                                                                                                                • String ID: GetTimeFormatEx$RoInitialize
                                                                                                                                • API String ID: 3572143191-3078538569
                                                                                                                                • Opcode ID: 08ba3db2cd023eb4a52b744bc0d50abaa24cb366c18270220956c9e46a07d6a8
                                                                                                                                • Instruction ID: ff2fb3cab8e97004e0100bf96182d69c463449f725ade4a1bdee1742c6a1733b
                                                                                                                                • Opcode Fuzzy Hash: 08ba3db2cd023eb4a52b744bc0d50abaa24cb366c18270220956c9e46a07d6a8
                                                                                                                                • Instruction Fuzzy Hash: C3319E61B09B0286FB14CB56E81016567E1BB98BD4F0A4139EE5D5B7F8EF3CE401C700
                                                                                                                                APIs
                                                                                                                                • GetProcAddress.API-MS-WIN-CORE-LIBRARYLOADER-L1-1-0(?,?,?,00007FFE01392DD6,?,?,?,00007FFE013D3A07,?,?,?,?,00007FFE0139720A,?,?,?), ref: 00007FFE01395C75
                                                                                                                                • TlsSetValue.API-MS-WIN-CORE-PROCESSTHREADS-L1-1-0(?,?,?,00007FFE01392DD6,?,?,?,00007FFE013D3A07,?,?,?,?,00007FFE0139720A,?,?,?), ref: 00007FFE013D34D0
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000001.00000002.2936598900.00007FFE01381000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FFE01380000, based on PE: true
                                                                                                                                • Associated: 00000001.00000002.2936583511.00007FFE01380000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                • Associated: 00000001.00000002.2936654293.00007FFE01435000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                • Associated: 00000001.00000002.2936681696.00007FFE0146F000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                • Associated: 00000001.00000002.2936696034.00007FFE01472000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_1_2_7ffe01380000_3OQL58yflv.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: AddressProcValue
                                                                                                                                • String ID: FlsSetValue$LCMapStringEx
                                                                                                                                • API String ID: 1414840956-3586097892
                                                                                                                                • Opcode ID: c2bfd39ba120818d2612d53e507c27fabb8c75a6aa5377d5b8644cab998b21a8
                                                                                                                                • Instruction ID: 5713712111903087ec9568489e93b6b757641530e3bada8fbdbfe1aad333cc40
                                                                                                                                • Opcode Fuzzy Hash: c2bfd39ba120818d2612d53e507c27fabb8c75a6aa5377d5b8644cab998b21a8
                                                                                                                                • Instruction Fuzzy Hash: 3021B161B1DA4242FB059B55FC501B523A1AF58BD8F05523AED6E4F7B4EF2CE9448240
                                                                                                                                APIs
                                                                                                                                • GetProcAddress.API-MS-WIN-CORE-LIBRARYLOADER-L1-1-0(?,?,?,00007FFE0139DB9B), ref: 00007FFE0139DC80
                                                                                                                                • GetUserDefaultLCID.API-MS-WIN-CORE-LOCALIZATION-L1-2-0(?,?,?,00007FFE0139DB9B), ref: 00007FFE013D60CB
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000001.00000002.2936598900.00007FFE01381000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FFE01380000, based on PE: true
                                                                                                                                • Associated: 00000001.00000002.2936583511.00007FFE01380000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                • Associated: 00000001.00000002.2936654293.00007FFE01435000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                • Associated: 00000001.00000002.2936681696.00007FFE0146F000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                • Associated: 00000001.00000002.2936696034.00007FFE01472000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_1_2_7ffe01380000_3OQL58yflv.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: AddressDefaultProcUser
                                                                                                                                • String ID: GetUserDefaultLocaleName$IsValidLocaleName
                                                                                                                                • API String ID: 306211784-3812970866
                                                                                                                                • Opcode ID: dcb265f1781f1b73115a2037d1729394b8a196afeee98dd2cf94c5db0d8f488f
                                                                                                                                • Instruction ID: ee1b5a92b304bf9eda1487de94a18c92097f13b0dc24ebf89355f442672ed25f
                                                                                                                                • Opcode Fuzzy Hash: dcb265f1781f1b73115a2037d1729394b8a196afeee98dd2cf94c5db0d8f488f
                                                                                                                                • Instruction Fuzzy Hash: AE21AEA1A1DA4282FB489755F8612B613A1AF44BD8F065136EC2D5F7F4EE2CE9458340
                                                                                                                                APIs
                                                                                                                                • GetProcAddress.API-MS-WIN-CORE-LIBRARYLOADER-L1-1-0(?,?,?,00007FFE013ED164,?,?,?,?,00007FFE013969BB), ref: 00007FFE013ED7A9
                                                                                                                                • TlsFree.API-MS-WIN-CORE-PROCESSTHREADS-L1-1-0(?,?,?,00007FFE013ED164,?,?,?,?,00007FFE013969BB), ref: 00007FFE013ED814
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000001.00000002.2936598900.00007FFE01381000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FFE01380000, based on PE: true
                                                                                                                                • Associated: 00000001.00000002.2936583511.00007FFE01380000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                • Associated: 00000001.00000002.2936654293.00007FFE01435000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                • Associated: 00000001.00000002.2936681696.00007FFE0146F000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                • Associated: 00000001.00000002.2936696034.00007FFE01472000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_1_2_7ffe01380000_3OQL58yflv.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: AddressFreeProc
                                                                                                                                • String ID: FlsFree$LCMapStringEx
                                                                                                                                • API String ID: 4110577592-1627765421
                                                                                                                                • Opcode ID: e79c77a0240be8a567a5080c53d17f1f0626c61471528051b02ca36ec4fb2710
                                                                                                                                • Instruction ID: 65556649f5e27fedba29546bb3cd68ad8545c935738ba81e89dd8e849c1ce378
                                                                                                                                • Opcode Fuzzy Hash: e79c77a0240be8a567a5080c53d17f1f0626c61471528051b02ca36ec4fb2710
                                                                                                                                • Instruction Fuzzy Hash: F2219261B1DB4242FB188B54E82017513E1AF587D8F059635ED2E4F7F8EF2CE9458340
                                                                                                                                APIs
                                                                                                                                • GetProcAddress.API-MS-WIN-CORE-LIBRARYLOADER-L1-1-0(?,?,?,00007FFE01396906), ref: 00007FFE01396FBF
                                                                                                                                • TlsAlloc.API-MS-WIN-CORE-PROCESSTHREADS-L1-1-0(?,?,?,00007FFE01396906), ref: 00007FFE01396FFF
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000001.00000002.2936598900.00007FFE01381000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FFE01380000, based on PE: true
                                                                                                                                • Associated: 00000001.00000002.2936583511.00007FFE01380000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                • Associated: 00000001.00000002.2936654293.00007FFE01435000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                • Associated: 00000001.00000002.2936681696.00007FFE0146F000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                • Associated: 00000001.00000002.2936696034.00007FFE01472000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_1_2_7ffe01380000_3OQL58yflv.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: AddressAllocProc
                                                                                                                                • String ID: FlsAlloc$LCMapStringEx
                                                                                                                                • API String ID: 2924745751-1958574131
                                                                                                                                • Opcode ID: 2a0f0c03515618c11b71a27955b96ad88552341b67fe2de0caf3d199cc0a7c3e
                                                                                                                                • Instruction ID: 138214d0405fd374bd0c46228f89ab739d6feaed916bd17db887dafaafac22a9
                                                                                                                                • Opcode Fuzzy Hash: 2a0f0c03515618c11b71a27955b96ad88552341b67fe2de0caf3d199cc0a7c3e
                                                                                                                                • Instruction Fuzzy Hash: 6D21C5A1A1EA0341FB488B55F86157513A0AF447D8F456135ED2E1F7F4EE2CF8488340
                                                                                                                                APIs
                                                                                                                                • TlsSetValue.API-MS-WIN-CORE-PROCESSTHREADS-L1-1-0(?,?,?,00007FFE013A185E,?,?,?,?,?,00007FFE013A1811), ref: 00007FFE013D3288
                                                                                                                                • GetProcAddress.API-MS-WIN-CORE-LIBRARYLOADER-L1-1-0(?,?,?,00007FFE013A185E,?,?,?,?,?,00007FFE013A1811), ref: 00007FFE013D329E
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000001.00000002.2936598900.00007FFE01381000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FFE01380000, based on PE: true
                                                                                                                                • Associated: 00000001.00000002.2936583511.00007FFE01380000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                • Associated: 00000001.00000002.2936654293.00007FFE01435000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                • Associated: 00000001.00000002.2936681696.00007FFE0146F000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                • Associated: 00000001.00000002.2936696034.00007FFE01472000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_1_2_7ffe01380000_3OQL58yflv.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: AddressProcValue
                                                                                                                                • String ID: FlsSetValue$LCMapStringEx
                                                                                                                                • API String ID: 1414840956-3586097892
                                                                                                                                • Opcode ID: 3818a68e7e2f3798cf4fe997117d6b6f00ca7b8d0f2e65211b2ae3421c2c64b4
                                                                                                                                • Instruction ID: 93f44a73ed2f09938fa337fb9747117ab7d1d92f249e2702ebc11d0ddace9e16
                                                                                                                                • Opcode Fuzzy Hash: 3818a68e7e2f3798cf4fe997117d6b6f00ca7b8d0f2e65211b2ae3421c2c64b4
                                                                                                                                • Instruction Fuzzy Hash: F7214162F19B0242FB459B19F8501756392AF487A4F159639D97D4F7F4EE3CF8458300
                                                                                                                                APIs
                                                                                                                                • TlsSetValue.API-MS-WIN-CORE-PROCESSTHREADS-L1-1-0(?,?,?,00007FFE013A1DEE,?,?,?,?,?,?,?,?,?,00007FFE013A1C89), ref: 00007FFE013D3329
                                                                                                                                • GetProcAddress.API-MS-WIN-CORE-LIBRARYLOADER-L1-1-0(?,?,?,00007FFE013A1DEE,?,?,?,?,?,?,?,?,?,00007FFE013A1C89), ref: 00007FFE013D333F
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000001.00000002.2936598900.00007FFE01381000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FFE01380000, based on PE: true
                                                                                                                                • Associated: 00000001.00000002.2936583511.00007FFE01380000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                • Associated: 00000001.00000002.2936654293.00007FFE01435000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                • Associated: 00000001.00000002.2936681696.00007FFE0146F000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                • Associated: 00000001.00000002.2936696034.00007FFE01472000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_1_2_7ffe01380000_3OQL58yflv.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: AddressProcValue
                                                                                                                                • String ID: FlsSetValue$LCMapStringEx
                                                                                                                                • API String ID: 1414840956-3586097892
                                                                                                                                • Opcode ID: d5557e0cae6f55a059ba571ea4027650813cbd84ded42dbb11da8c47c6958741
                                                                                                                                • Instruction ID: 74d1fcb5c6f15a19870321542ac0ed9c2904bc06016479481b3cbd892f210cc8
                                                                                                                                • Opcode Fuzzy Hash: d5557e0cae6f55a059ba571ea4027650813cbd84ded42dbb11da8c47c6958741
                                                                                                                                • Instruction Fuzzy Hash: 69216D61B1AB0242FB449B18FD502752391AF487B4F459639D97D4F7F8EE6CF8458301
                                                                                                                                APIs
                                                                                                                                • GetProcAddress.API-MS-WIN-CORE-LIBRARYLOADER-L1-1-0(?,?,00000000,00007FFE01392DA4,?,?,?,00007FFE013D3A07,?,?,?,?,00007FFE0139720A,?,?,?), ref: 00007FFE013933D9
                                                                                                                                • TlsGetValue.API-MS-WIN-CORE-PROCESSTHREADS-L1-1-0(?,?,00000000,00007FFE01392DA4,?,?,?,00007FFE013D3A07,?,?,?,?,00007FFE0139720A,?,?,?), ref: 00007FFE013CBC5E
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000001.00000002.2936598900.00007FFE01381000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FFE01380000, based on PE: true
                                                                                                                                • Associated: 00000001.00000002.2936583511.00007FFE01380000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                • Associated: 00000001.00000002.2936654293.00007FFE01435000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                • Associated: 00000001.00000002.2936681696.00007FFE0146F000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                • Associated: 00000001.00000002.2936696034.00007FFE01472000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_1_2_7ffe01380000_3OQL58yflv.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: AddressProcValue
                                                                                                                                • String ID: FlsGetValue$LCMapStringEx
                                                                                                                                • API String ID: 1414840956-552164261
                                                                                                                                • Opcode ID: 057292a9f8eaf09dec05bf75a1bb2fd3eb35b4e290f2ce56d0f51df6153956ce
                                                                                                                                • Instruction ID: 97f42da2910642c3866d3bfd482aae7308990f06df515aca495f94f5afca6813
                                                                                                                                • Opcode Fuzzy Hash: 057292a9f8eaf09dec05bf75a1bb2fd3eb35b4e290f2ce56d0f51df6153956ce
                                                                                                                                • Instruction Fuzzy Hash: 21216261B19B0282FF449B29E89017963A1AF487A4F069639D96D4F7F8DE3CF8498340
                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000001.00000002.2937962236.00007FFE11511000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFE11510000, based on PE: true
                                                                                                                                • Associated: 00000001.00000002.2937944561.00007FFE11510000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                • Associated: 00000001.00000002.2937979185.00007FFE11519000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                • Associated: 00000001.00000002.2938006495.00007FFE11521000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                • Associated: 00000001.00000002.2938023263.00007FFE11523000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_1_2_7ffe11510000_3OQL58yflv.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: ErrorLast$Err_Eval_Thread$AuditCheckFormatFromLongLong_RestoreSaveSignalsSys_connect
                                                                                                                                • String ID: connect_ex$socket.connect
                                                                                                                                • API String ID: 3879675179-935070752
                                                                                                                                • Opcode ID: 2962bc6f7dbe70797a4ee8eecfeeb2ff851f713150ec20ace90f4a2f1302f801
                                                                                                                                • Instruction ID: b8a40abbdf117a20a824b1664fcc4d9badddb70ac4cf05c3b19bcd1ad6cde58c
                                                                                                                                • Opcode Fuzzy Hash: 2962bc6f7dbe70797a4ee8eecfeeb2ff851f713150ec20ace90f4a2f1302f801
                                                                                                                                • Instruction Fuzzy Hash: E4118E21B1CE8285EB628BA3F4107AA63A9FF447A4F440072DA4D47A75EF7CE004C740
                                                                                                                                APIs
                                                                                                                                  • Part of subcall function 00007FFE1A456E48: abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,00007FFE1A4529EE), ref: 00007FFE1A456E56
                                                                                                                                • terminate.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFE1A452A8E
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000001.00000002.2938850050.00007FFE1A451000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE1A450000, based on PE: true
                                                                                                                                • Associated: 00000001.00000002.2938833625.00007FFE1A450000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                • Associated: 00000001.00000002.2938872035.00007FFE1A463000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                • Associated: 00000001.00000002.2938888895.00007FFE1A468000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                • Associated: 00000001.00000002.2938904937.00007FFE1A469000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_1_2_7ffe1a450000_3OQL58yflv.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: abortterminate
                                                                                                                                • String ID: MOC$RCC$csm
                                                                                                                                • API String ID: 661698970-2671469338
                                                                                                                                • Opcode ID: 3ab94ae7472f91afbfb2fa40e8eaefdcfa6935c471aaf11af4776549d32657f7
                                                                                                                                • Instruction ID: bf05f5ed05f654c924678f930fc850e68dc2489998943898e4d87e2a05e401aa
                                                                                                                                • Opcode Fuzzy Hash: 3ab94ae7472f91afbfb2fa40e8eaefdcfa6935c471aaf11af4776549d32657f7
                                                                                                                                • Instruction Fuzzy Hash: EBF03C72A18A0686E7A47B63E18107D7664EF48F61F1950F3EB4806262CF7CE8B0C701
                                                                                                                                APIs
                                                                                                                                • PyLong_AsUnsignedLongLong.PYTHON312(?,?,00000006,00007FFE11EB0138), ref: 00007FFE11EB12E9
                                                                                                                                • PyErr_Occurred.PYTHON312(?,?,00000006,00007FFE11EB0138), ref: 00007FFE11EB12F2
                                                                                                                                • PyErr_SetString.PYTHON312(?,?,00000006,00007FFE11EB0138), ref: 00007FFE11EB5C13
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000001.00000002.2938193676.00007FFE11EA1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFE11EA0000, based on PE: true
                                                                                                                                • Associated: 00000001.00000002.2938178726.00007FFE11EA0000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                • Associated: 00000001.00000002.2938214377.00007FFE11EB8000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                • Associated: 00000001.00000002.2938214377.00007FFE11EBC000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                • Associated: 00000001.00000002.2938247018.00007FFE11EC4000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                • Associated: 00000001.00000002.2938262044.00007FFE11EC5000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_1_2_7ffe11ea0000_3OQL58yflv.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: Err_Long$Long_OccurredStringUnsigned
                                                                                                                                • String ID: Value too large for uint32_t type
                                                                                                                                • API String ID: 944333170-1712686559
                                                                                                                                • Opcode ID: 04c9a14db9ad32f61774afc0bccaea88f7c247a1f103ee7b9b23db3c104f223f
                                                                                                                                • Instruction ID: ec8f4f4d5cf12ddcc45dc70c9ef640308d6cf600d920af1cdab942a1c7a7c4cb
                                                                                                                                • Opcode Fuzzy Hash: 04c9a14db9ad32f61774afc0bccaea88f7c247a1f103ee7b9b23db3c104f223f
                                                                                                                                • Instruction Fuzzy Hash: 8CF08220B09E43CAEB004FA7FC8463A23A8BF48BA5F044076DA0D46730EE3CE4948304
                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000001.00000002.2938193676.00007FFE11EA1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFE11EA0000, based on PE: true
                                                                                                                                • Associated: 00000001.00000002.2938178726.00007FFE11EA0000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                • Associated: 00000001.00000002.2938214377.00007FFE11EB8000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                • Associated: 00000001.00000002.2938214377.00007FFE11EBC000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                • Associated: 00000001.00000002.2938247018.00007FFE11EC4000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                • Associated: 00000001.00000002.2938262044.00007FFE11EC5000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_1_2_7ffe11ea0000_3OQL58yflv.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: Err_Long$Long_OccurredStringUnsigned
                                                                                                                                • String ID: Value too large for lzma_mode type
                                                                                                                                • API String ID: 944333170-1290617251
                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000001.00000002.2938193676.00007FFE11EA1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFE11EA0000, based on PE: true
                                                                                                                                • Associated: 00000001.00000002.2938178726.00007FFE11EA0000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                • Associated: 00000001.00000002.2938214377.00007FFE11EB8000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                • Associated: 00000001.00000002.2938214377.00007FFE11EBC000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                • Associated: 00000001.00000002.2938247018.00007FFE11EC4000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                • Associated: 00000001.00000002.2938262044.00007FFE11EC5000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_1_2_7ffe11ea0000_3OQL58yflv.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: Err_Long$Long_OccurredStringUnsigned
                                                                                                                                • String ID: Value too large for lzma_match_finder type
                                                                                                                                • API String ID: 944333170-1161044407
                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                • <socket object, fd=%ld, family=%d, type=%d, proto=%d>, xrefs: 00007FFE11516751
                                                                                                                                • no printf formatter to display the socket descriptor in decimal, xrefs: 00007FFE11516777
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000001.00000002.2937962236.00007FFE11511000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFE11510000, based on PE: true
                                                                                                                                • Associated: 00000001.00000002.2937944561.00007FFE11510000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                • Associated: 00000001.00000002.2937979185.00007FFE11519000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                • Associated: 00000001.00000002.2938006495.00007FFE11521000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                • Associated: 00000001.00000002.2938023263.00007FFE11523000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_1_2_7ffe11510000_3OQL58yflv.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: Err_FormatFromStringUnicode_
                                                                                                                                • String ID: <socket object, fd=%ld, family=%d, type=%d, proto=%d>$no printf formatter to display the socket descriptor in decimal
                                                                                                                                • API String ID: 1884982852-285600062
                                                                                                                                APIs
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000001.00000002.2936598900.00007FFE01381000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FFE01380000, based on PE: true
                                                                                                                                • Associated: 00000001.00000002.2936583511.00007FFE01380000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                • Associated: 00000001.00000002.2936654293.00007FFE01435000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                • Associated: 00000001.00000002.2936681696.00007FFE0146F000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                • Associated: 00000001.00000002.2936696034.00007FFE01472000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_1_2_7ffe01380000_3OQL58yflv.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: ErrorLast
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 1452528299-0
                                                                                                                                APIs
                                                                                                                                • GetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0(?,?,00000000,00007FFE01382468,?,?,00000000,?,00000000,00007FFE01382036), ref: 00007FFE013930CF
                                                                                                                                • SetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0(?,?,00000000,00007FFE01382468,?,?,00000000,?,00000000,00007FFE01382036), ref: 00007FFE0139311E
                                                                                                                                • GetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0(?,?,00000000,00007FFE01382468,?,?,00000000,?,00000000,00007FFE01382036), ref: 00007FFE01393139
                                                                                                                                • SetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0(?,?,00000000,00007FFE01382468,?,?,00000000,?,00000000,00007FFE01382036), ref: 00007FFE01393151
                                                                                                                                • SetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0(?,?,00000000,00007FFE01382468,?,?,00000000,?,00000000,00007FFE01382036), ref: 00007FFE013931BD
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000001.00000002.2936598900.00007FFE01381000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FFE01380000, based on PE: true
                                                                                                                                • Associated: 00000001.00000002.2936583511.00007FFE01380000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                • Associated: 00000001.00000002.2936654293.00007FFE01435000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                • Associated: 00000001.00000002.2936681696.00007FFE0146F000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                • Associated: 00000001.00000002.2936696034.00007FFE01472000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_1_2_7ffe01380000_3OQL58yflv.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: ErrorLast
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 1452528299-0
                                                                                                                                APIs
                                                                                                                                • GetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0(?,?,00000001,00007FFE01426105), ref: 00007FFE01392C44
                                                                                                                                • SetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0(?,?,00000001,00007FFE01426105), ref: 00007FFE01392C93
                                                                                                                                • GetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0(?,?,00000001,00007FFE01426105), ref: 00007FFE01392CA9
                                                                                                                                • SetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0(?,?,00000001,00007FFE01426105), ref: 00007FFE01392CC1
                                                                                                                                • SetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0(?,?,00000001,00007FFE01426105), ref: 00007FFE01392D2A
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000001.00000002.2936598900.00007FFE01381000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FFE01380000, based on PE: true
                                                                                                                                • Associated: 00000001.00000002.2936583511.00007FFE01380000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                • Associated: 00000001.00000002.2936654293.00007FFE01435000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                • Associated: 00000001.00000002.2936681696.00007FFE0146F000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                • Associated: 00000001.00000002.2936696034.00007FFE01472000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_1_2_7ffe01380000_3OQL58yflv.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: ErrorLast
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 1452528299-0
                                                                                                                                APIs
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000001.00000002.2936598900.00007FFE01381000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FFE01380000, based on PE: true
                                                                                                                                • Associated: 00000001.00000002.2936583511.00007FFE01380000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                • Associated: 00000001.00000002.2936654293.00007FFE01435000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                • Associated: 00000001.00000002.2936681696.00007FFE0146F000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                • Associated: 00000001.00000002.2936696034.00007FFE01472000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_1_2_7ffe01380000_3OQL58yflv.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: ErrorLast
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 1452528299-0
                                                                                                                                APIs
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000001.00000002.2936598900.00007FFE01381000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FFE01380000, based on PE: true
                                                                                                                                • Associated: 00000001.00000002.2936583511.00007FFE01380000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                • Associated: 00000001.00000002.2936654293.00007FFE01435000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                • Associated: 00000001.00000002.2936681696.00007FFE0146F000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                • Associated: 00000001.00000002.2936696034.00007FFE01472000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_1_2_7ffe01380000_3OQL58yflv.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: ErrorLast
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 1452528299-0
                                                                                                                                APIs
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000001.00000002.2936598900.00007FFE01381000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FFE01380000, based on PE: true
                                                                                                                                • Associated: 00000001.00000002.2936583511.00007FFE01380000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                • Associated: 00000001.00000002.2936654293.00007FFE01435000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                • Associated: 00000001.00000002.2936681696.00007FFE0146F000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                • Associated: 00000001.00000002.2936696034.00007FFE01472000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_1_2_7ffe01380000_3OQL58yflv.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: ErrorLast
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 1452528299-0
                                                                                                                                APIs
                                                                                                                                • EnterCriticalSection.API-MS-WIN-CORE-SYNCH-L1-1-0(?,?,?,?,?,00007FFE0139EA46), ref: 00007FFE0139EC90
                                                                                                                                • EnterCriticalSection.API-MS-WIN-CORE-SYNCH-L1-1-0(?,?,?,?,?,00007FFE0139EA46), ref: 00007FFE0139ECE6
                                                                                                                                • EnterCriticalSection.API-MS-WIN-CORE-SYNCH-L1-1-0(?,?,?,?,?,00007FFE0139EA46), ref: 00007FFE0139ED5C
                                                                                                                                • LeaveCriticalSection.API-MS-WIN-CORE-SYNCH-L1-1-0(?,?,?,?,?,00007FFE0139EA46), ref: 00007FFE0139ED72
                                                                                                                                • LeaveCriticalSection.API-MS-WIN-CORE-SYNCH-L1-1-0(?,?,?,?,?,00007FFE0139EA46), ref: 00007FFE0139ED8B
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000001.00000002.2936598900.00007FFE01381000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FFE01380000, based on PE: true
                                                                                                                                Similarity
                                                                                                                                • API ID: CriticalSection$Enter$Leave
                                                                                                                                APIs
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000001.00000002.2938850050.00007FFE1A451000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE1A450000, based on PE: true
                                                                                                                                Similarity
                                                                                                                                • API ID: Name::operator+
                                                                                                                                APIs
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000001.00000002.2936598900.00007FFE01381000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FFE01380000, based on PE: true
                                                                                                                                Similarity
                                                                                                                                • API ID: ErrorLast$__security_init_cookie
                                                                                                                                APIs
                                                                                                                                • PyType_GetModuleState.PYTHON312(?,?,?,00000000,?,?,?,00007FFE11EA7DD1), ref: 00007FFE11EA8155
                                                                                                                                  • Part of subcall function 00007FFE11EB23C0: PyBytes_FromStringAndSize.PYTHON312(?,?,?,00007FFE11EA816F,?,?,?,00000000,?,?,?,00007FFE11EA7DD1), ref: 00007FFE11EB23F7
                                                                                                                                  • Part of subcall function 00007FFE11EB23C0: PyList_New.PYTHON312(?,?,?,00007FFE11EA816F,?,?,?,00000000,?,?,?,00007FFE11EA7DD1), ref: 00007FFE11EB240A
                                                                                                                                • PyEval_SaveThread.PYTHON312(?,?,?,00000000,?,?,?,00007FFE11EA7DD1), ref: 00007FFE11EA817C
                                                                                                                                • PyEval_RestoreThread.PYTHON312(?,?,?,00000000,?,?,?,00007FFE11EA7DD1), ref: 00007FFE11EA8195
                                                                                                                                • _Py_Dealloc.PYTHON312(?,?,?,00000000,?,?,?,00007FFE11EA7DD1), ref: 00007FFE11EA8255
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000001.00000002.2938193676.00007FFE11EA1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFE11EA0000, based on PE: true
                                                                                                                                Similarity
                                                                                                                                • API ID: Eval_Thread$Bytes_DeallocFromList_ModuleRestoreSaveSizeStateStringType_
                                                                                                                                APIs
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000001.00000002.2938850050.00007FFE1A451000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE1A450000, based on PE: true
                                                                                                                                Similarity
                                                                                                                                • API ID: Name::operator+$Replicator::operator[]
                                                                                                                                APIs
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000001.00000002.2937962236.00007FFE11511000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFE11510000, based on PE: true
                                                                                                                                Similarity
                                                                                                                                • API ID: Eval_Thread$RestoreSaveTime_Timeval_clampselect
                                                                                                                                APIs
                                                                                                                                  • Part of subcall function 00007FFE013A11EC: GetModuleHandleExW.API-MS-WIN-CORE-LIBRARYLOADER-L1-1-0(?,?,?,00007FFE013A1178), ref: 00007FFE013A1230
                                                                                                                                • CreateThread.API-MS-WIN-CORE-PROCESSTHREADS-L1-1-0 ref: 00007FFE013A11A1
                                                                                                                                • GetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0 ref: 00007FFE013D729F
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000001.00000002.2936598900.00007FFE01381000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FFE01380000, based on PE: true
                                                                                                                                Similarity
                                                                                                                                • API ID: CreateErrorHandleLastModuleThread
                                                                                                                                APIs
                                                                                                                                • EnterCriticalSection.API-MS-WIN-CORE-SYNCH-L1-1-0(?,?,?,00007FFE01423CD2,?,?,?,?,00007FFE013D4F23,?,?,?,00007FFE0139A756,?,?,?), ref: 00007FFE01423B8A
                                                                                                                                • FlushFileBuffers.API-MS-WIN-CORE-FILE-L1-1-0(?,?,?,00007FFE01423CD2,?,?,?,?,00007FFE013D4F23,?,?,?,00007FFE0139A756,?,?,?), ref: 00007FFE01423BBB
                                                                                                                                  • Part of subcall function 00007FFE0139F1F0: GetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0(?,?,?,00007FFE01397594,?,?,?,00007FFE01397217,?,?,?,00007FFE0139A5D3,?,?,?,00007FFE0139A756), ref: 00007FFE0139F1FA
                                                                                                                                  • Part of subcall function 00007FFE0139F1F0: SetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0(?,?,?,00007FFE01397594,?,?,?,00007FFE01397217,?,?,?,00007FFE0139A5D3,?,?,?,00007FFE0139A756), ref: 00007FFE0139F240
                                                                                                                                • GetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0(?,?,?,00007FFE01423CD2,?,?,?,?,00007FFE013D4F23,?,?,?,00007FFE0139A756,?,?,?), ref: 00007FFE01423BCF
                                                                                                                                • LeaveCriticalSection.API-MS-WIN-CORE-SYNCH-L1-1-0(?,?,?,00007FFE01423CD2,?,?,?,?,00007FFE013D4F23,?,?,?,00007FFE0139A756,?,?,?), ref: 00007FFE01423BFE
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000001.00000002.2936598900.00007FFE01381000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FFE01380000, based on PE: true
                                                                                                                                Similarity
                                                                                                                                • API ID: ErrorLast$CriticalSection$BuffersEnterFileFlushLeave
                                                                                                                                APIs
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000001.00000002.2937962236.00007FFE11511000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFE11510000, based on PE: true
                                                                                                                                 • Associated: 00000001.00000002.2937944561.00007FFE11510000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                 • Associated: 00000001.00000002.2937979185.00007FFE11519000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                 • Associated: 00000001.00000002.2938006495.00007FFE11521000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                 • Associated: 00000001.00000002.2938023263.00007FFE11523000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_1_2_7ffe11510000_3OQL58yflv.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: Eval_Thread$Err_RestoreSaveStringgetpeernamememset
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 1387529023-0
                                                                                                                                APIs
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000001.00000002.2937962236.00007FFE11511000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFE11510000, based on PE: true
                                                                                                                                 • Associated: 00000001.00000002.2937944561.00007FFE11510000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                 • Associated: 00000001.00000002.2937979185.00007FFE11519000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                 • Associated: 00000001.00000002.2938006495.00007FFE11521000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                 • Associated: 00000001.00000002.2938023263.00007FFE11523000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_1_2_7ffe11510000_3OQL58yflv.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: Eval_Thread$Err_RestoreSaveStringgetsocknamememset
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 772546412-0
                                                                                                                                APIs
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000001.00000002.2938193676.00007FFE11EA1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFE11EA0000, based on PE: true
                                                                                                                                 • Associated: 00000001.00000002.2938178726.00007FFE11EA0000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                 • Associated: 00000001.00000002.2938214377.00007FFE11EB8000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                 • Associated: 00000001.00000002.2938214377.00007FFE11EBC000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                 • Associated: 00000001.00000002.2938247018.00007FFE11EC4000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                 • Associated: 00000001.00000002.2938262044.00007FFE11EC5000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_1_2_7ffe11ea0000_3OQL58yflv.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: DeallocFreeMem_Thread_free_lock
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 2783890233-0
                                                                                                                                APIs
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000001.00000002.2938510031.00007FFE130C1000.00000020.00000001.01000000.00000012.sdmp, Offset: 00007FFE130C0000, based on PE: true
                                                                                                                                 • Associated: 00000001.00000002.2938494029.00007FFE130C0000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                 • Associated: 00000001.00000002.2938526688.00007FFE130C4000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                 • Associated: 00000001.00000002.2938542624.00007FFE130C6000.00000004.00000001.01000000.00000012.sdmp
                                                                                                                                 • Associated: 00000001.00000002.2938561193.00007FFE130C7000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_1_2_7ffe130c0000_3OQL58yflv.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 2933794660-0
                                                                                                                                APIs
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000001.00000002.2938193676.00007FFE11EA1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFE11EA0000, based on PE: true
                                                                                                                                 • Associated: 00000001.00000002.2938178726.00007FFE11EA0000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                 • Associated: 00000001.00000002.2938214377.00007FFE11EB8000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                 • Associated: 00000001.00000002.2938214377.00007FFE11EBC000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                 • Associated: 00000001.00000002.2938247018.00007FFE11EC4000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                 • Associated: 00000001.00000002.2938262044.00007FFE11EC5000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_1_2_7ffe11ea0000_3OQL58yflv.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 2933794660-0
                                                                                                                                APIs
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000001.00000002.2938850050.00007FFE1A451000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE1A450000, based on PE: true
                                                                                                                                 • Associated: 00000001.00000002.2938833625.00007FFE1A450000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                 • Associated: 00000001.00000002.2938872035.00007FFE1A463000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                 • Associated: 00000001.00000002.2938888895.00007FFE1A468000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                 • Associated: 00000001.00000002.2938904937.00007FFE1A469000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_1_2_7ffe1a450000_3OQL58yflv.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 2933794660-0
                                                                                                                                APIs
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000001.00000002.2938594897.00007FFE13301000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FFE13300000, based on PE: true
                                                                                                                                 • Associated: 00000001.00000002.2938578259.00007FFE13300000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                 • Associated: 00000001.00000002.2938612939.00007FFE13303000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                 • Associated: 00000001.00000002.2938629391.00007FFE13305000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                 • Associated: 00000001.00000002.2938646123.00007FFE13306000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_1_2_7ffe13300000_3OQL58yflv.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 2933794660-0
                                                                                                                                APIs
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000001.00000002.2937962236.00007FFE11511000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFE11510000, based on PE: true
                                                                                                                                 • Associated: 00000001.00000002.2937944561.00007FFE11510000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                 • Associated: 00000001.00000002.2937979185.00007FFE11519000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                 • Associated: 00000001.00000002.2938006495.00007FFE11521000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                 • Associated: 00000001.00000002.2938023263.00007FFE11523000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_1_2_7ffe11510000_3OQL58yflv.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 2933794660-0
                                                                                                                                APIs
                                                                                                                                  • Part of subcall function 00007FFE01392900: GetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,00007FFE013F2861), ref: 00007FFE0139290A
                                                                                                                                  • Part of subcall function 00007FFE01392900: SetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,00007FFE013F2861), ref: 00007FFE01392950
                                                                                                                                • GetACP.API-MS-WIN-CORE-LOCALIZATION-L1-2-0(?,00000092,?,?,?,?,00007FFE0138FA5B), ref: 00007FFE0139C661
                                                                                                                                • IsValidCodePage.API-MS-WIN-CORE-LOCALIZATION-L1-2-0 ref: 00007FFE0139C67F
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000001.00000002.2936598900.00007FFE01381000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FFE01380000, based on PE: true
                                                                                                                                 • Associated: 00000001.00000002.2936583511.00007FFE01380000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                 • Associated: 00000001.00000002.2936654293.00007FFE01435000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                 • Associated: 00000001.00000002.2936681696.00007FFE0146F000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                 • Associated: 00000001.00000002.2936696034.00007FFE01472000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_1_2_7ffe01380000_3OQL58yflv.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: ErrorLast$CodePageValid
                                                                                                                                • String ID: utf8
                                                                                                                                • API String ID: 943130320-905460609
                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000001.00000002.2938850050.00007FFE1A451000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE1A450000, based on PE: true
                                                                                                                                Similarity
                                                                                                                                • API ID: CurrentImageNonwritableUnwind
                                                                                                                                • String ID: csm
                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000001.00000002.2936598900.00007FFE01381000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FFE01380000, based on PE: true
                                                                                                                                Similarity
                                                                                                                                • API ID: _handle_error
                                                                                                                                • String ID: !$fmod
                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000001.00000002.2938850050.00007FFE1A451000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE1A450000, based on PE: true
                                                                                                                                Similarity
                                                                                                                                • API ID: abort$CreateFrameInfo
                                                                                                                                • String ID: csm
                                                                                                                                APIs
                                                                                                                                  • Part of subcall function 00007FFE0138D610: HeapAlloc.API-MS-WIN-CORE-HEAP-L1-1-0(?,?,00000000,00007FFE01392DE9,?,?,?,00007FFE013D3A07,?,?,?,?,00007FFE0139720A,?,?,?), ref: 00007FFE0138D658
                                                                                                                                • InitializeCriticalSectionAndSpinCount.API-MS-WIN-CORE-SYNCH-L1-1-0(?,?,?,?,00007FFE0139ED3E,?,?,?,?,?,00007FFE0139EA46), ref: 00007FFE013D5BFA
                                                                                                                                • GetProcAddress.API-MS-WIN-CORE-LIBRARYLOADER-L1-1-0(?,?,?,?,00007FFE0139ED3E,?,?,?,?,?,00007FFE0139EA46), ref: 00007FFE013D5C10
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000001.00000002.2936598900.00007FFE01381000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FFE01380000, based on PE: true
                                                                                                                                Similarity
                                                                                                                                • API ID: AddressAllocCountCriticalHeapInitializeProcSectionSpin
                                                                                                                                • String ID: InitializeCriticalSectionEx
                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000001.00000002.2936598900.00007FFE01381000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FFE01380000, based on PE: true
                                                                                                                                Similarity
                                                                                                                                • API ID: ErrorFileLastWrite
                                                                                                                                • String ID: U
                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000001.00000002.2936942642.00007FFE0EA71000.00000020.00000001.01000000.00000023.sdmp, Offset: 00007FFE0EA70000, based on PE: true
                                                                                                                                Similarity
                                                                                                                                • API ID: _wassert
                                                                                                                                • String ID: (idx>=1) && (idx<=10)$src/AESNI.c
                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000001.00000002.2936598900.00007FFE01381000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FFE01380000, based on PE: true
                                                                                                                                Similarity
                                                                                                                                • API ID: EntryInterlockedListNamePush__un
                                                                                                                                • String ID:
                                                                                                                                APIs
                                                                                                                                • GetProcAddress.API-MS-WIN-CORE-LIBRARYLOADER-L1-1-0(?,?,?,?,00000000,?,00007FFE01381718), ref: 00007FFE013817A3
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000001.00000002.2936598900.00007FFE01381000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FFE01380000, based on PE: true
                                                                                                                                Similarity
                                                                                                                                • API ID: AddressProc
                                                                                                                                • String ID: EnumSystemLocalesEx$IsValidLocaleName
                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000001.00000002.2936598900.00007FFE01381000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FFE01380000, based on PE: true
                                                                                                                                Similarity
                                                                                                                                • API ID: _handle_errorf
                                                                                                                                • String ID: "$powf
                                                                                                                                APIs
                                                                                                                                • GetProcAddress.API-MS-WIN-CORE-LIBRARYLOADER-L1-1-0(?,?,?,00007FFE013ED6ED,?,?,?,?,?,?,?,?,?,00007FFE013EF23F), ref: 00007FFE013EDF56
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000001.00000002.2936598900.00007FFE01381000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FFE01380000, based on PE: true
                                                                                                                                 • Associated: 00000001.00000002.2936583511.00007FFE01380000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                 • Associated: 00000001.00000002.2936654293.00007FFE01435000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                 • Associated: 00000001.00000002.2936681696.00007FFE0146F000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                 • Associated: 00000001.00000002.2936696034.00007FFE01472000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_1_2_7ffe01380000_3OQL58yflv.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: AddressProc
                                                                                                                                • String ID: IsValidLocaleName$LocaleNameToLCID
                                                                                                                                • API String ID: 190572456-1205873579
                                                                                                                                • Opcode ID: a6681d99a1396304a631d46f2bd7821f4b424c3a5ebbb3bab3d73182fedd9770
                                                                                                                                • Instruction ID: 45803cfcb97282d3d2c512a3b83555957bf1a0e5dd195b8f88c33a0e61131bbd
                                                                                                                                • Opcode Fuzzy Hash: a6681d99a1396304a631d46f2bd7821f4b424c3a5ebbb3bab3d73182fedd9770
                                                                                                                                • Instruction Fuzzy Hash: 5E31BF61B0DB4246FB08DB99E45027562D0AF187D4F4A5135EE1D5B7F8EF2CF80A8240
                                                                                                                                APIs
                                                                                                                                • GetProcAddress.API-MS-WIN-CORE-LIBRARYLOADER-L1-1-0(?,?,00002000,00007FFE013993D1,?,?,00000000,00007FFE01399319,?,?,?,00007FFE01399088), ref: 00007FFE0139A283
                                                                                                                                • InitializeCriticalSectionAndSpinCount.API-MS-WIN-CORE-SYNCH-L1-1-0(?,?,00002000,00007FFE013993D1,?,?,00000000,00007FFE01399319,?,?,?,00007FFE01399088), ref: 00007FFE013D4E25
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000001.00000002.2936598900.00007FFE01381000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FFE01380000, based on PE: true
                                                                                                                                 • Associated: 00000001.00000002.2936583511.00007FFE01380000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                 • Associated: 00000001.00000002.2936654293.00007FFE01435000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                 • Associated: 00000001.00000002.2936681696.00007FFE0146F000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                 • Associated: 00000001.00000002.2936696034.00007FFE01472000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_1_2_7ffe01380000_3OQL58yflv.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: AddressCountCriticalInitializeProcSectionSpin
                                                                                                                                • String ID: InitializeCriticalSectionEx
                                                                                                                                • API String ID: 1498394645-3084827643
                                                                                                                                • Opcode ID: 909cbea8ef6e0169b8147f9c897fcf70ffcd4c43e8c559146e0a9d6b551cb605
                                                                                                                                • Instruction ID: 5306919ce4cce0f3034be30ce99c0ebd34f971b201e1232a30b86a6380d5457c
                                                                                                                                • Opcode Fuzzy Hash: 909cbea8ef6e0169b8147f9c897fcf70ffcd4c43e8c559146e0a9d6b551cb605
                                                                                                                                • Instruction Fuzzy Hash: F821B261B1DA5282FB549755F8205752391AF45BD8F056235EC6D4FBF8EE2CF8058340
                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000001.00000002.2936598900.00007FFE01381000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FFE01380000, based on PE: true
                                                                                                                                 • Associated: 00000001.00000002.2936583511.00007FFE01380000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                 • Associated: 00000001.00000002.2936654293.00007FFE01435000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                 • Associated: 00000001.00000002.2936681696.00007FFE0146F000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                 • Associated: 00000001.00000002.2936696034.00007FFE01472000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_1_2_7ffe01380000_3OQL58yflv.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: AddressLocaleProcValid
                                                                                                                                • String ID: IsValidLocaleName
                                                                                                                                • API String ID: 2003423906-4210551052
                                                                                                                                • Opcode ID: 9ff177aa93375c2c15432ad7ee566988a04c92294dfadf1e68a378e6e57af62a
                                                                                                                                • Instruction ID: 0a3e92c44b1582ddbbdc59b542e58e7b0268e5a7e29d6f9f20a9106fc45156ff
                                                                                                                                • Opcode Fuzzy Hash: 9ff177aa93375c2c15432ad7ee566988a04c92294dfadf1e68a378e6e57af62a
                                                                                                                                • Instruction Fuzzy Hash: FB215E21A1D61342FB488795E8611B522A1AF59BD8F06A235ED2D4F7F8EE2CF9458340
                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000001.00000002.2938850050.00007FFE1A451000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE1A450000, based on PE: true
                                                                                                                                 • Associated: 00000001.00000002.2938833625.00007FFE1A450000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                 • Associated: 00000001.00000002.2938872035.00007FFE1A463000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                 • Associated: 00000001.00000002.2938888895.00007FFE1A468000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                 • Associated: 00000001.00000002.2938904937.00007FFE1A469000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_1_2_7ffe1a450000_3OQL58yflv.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: Name::operator+
                                                                                                                                • String ID: void$void
                                                                                                                                • API String ID: 2943138195-3746155364
                                                                                                                                • Opcode ID: d81aed41cb4c8c5c69bd061dfd49733f36ea67ee8bb27e73bf8cb873ba0293ca
                                                                                                                                • Instruction ID: 6a3847a797ea34b0243600d97617f3cdeba82360af4f26f101c998dbfe1bd0e4
                                                                                                                                • Opcode Fuzzy Hash: d81aed41cb4c8c5c69bd061dfd49733f36ea67ee8bb27e73bf8cb873ba0293ca
                                                                                                                                • Instruction Fuzzy Hash: 373105A2F18B559DFB01DBA5E8400FC37B0BB48B58F4405B6EA4E53A69DF3C9164C750
                                                                                                                                APIs
                                                                                                                                • GetProcAddress.API-MS-WIN-CORE-LIBRARYLOADER-L1-1-0(?,?,?,00007FFE0138FA1D), ref: 00007FFE013A1C2B
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000001.00000002.2936598900.00007FFE01381000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FFE01380000, based on PE: true
                                                                                                                                 • Associated: 00000001.00000002.2936583511.00007FFE01380000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                 • Associated: 00000001.00000002.2936654293.00007FFE01435000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                 • Associated: 00000001.00000002.2936681696.00007FFE0146F000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                 • Associated: 00000001.00000002.2936696034.00007FFE01472000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_1_2_7ffe01380000_3OQL58yflv.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: AddressProc
                                                                                                                                • String ID: AppPolicyGetThreadInitializationType$CompareStringEx
                                                                                                                                • API String ID: 190572456-1200376162
                                                                                                                                • Opcode ID: b1771694109b89f51a7c1ff2eb7052fff5a9407e5ec637e161e4cc14a56340ac
                                                                                                                                • Instruction ID: bf56bfb204e4a180af81aa9d76a5a7dd0a5b0520eb8e3e1ad78bd9cec4b34345
                                                                                                                                • Opcode Fuzzy Hash: b1771694109b89f51a7c1ff2eb7052fff5a9407e5ec637e161e4cc14a56340ac
                                                                                                                                • Instruction Fuzzy Hash: 8B21CD61F19A0382FF548BA8A860AB453A19F147D8F896135EC2D4F7B4EE2CF9448340
                                                                                                                                APIs
                                                                                                                                  • Part of subcall function 00007FFE1151857C: __stdio_common_vsscanf.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FFE115185C0
                                                                                                                                • PyErr_SetString.PYTHON312(?,?,?,?,?,?,?,?,?,?,?,?,?,00007FFE11513F6E), ref: 00007FFE11514BFB
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000001.00000002.2937962236.00007FFE11511000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFE11510000, based on PE: true
                                                                                                                                 • Associated: 00000001.00000002.2937944561.00007FFE11510000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                 • Associated: 00000001.00000002.2937979185.00007FFE11519000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                 • Associated: 00000001.00000002.2938006495.00007FFE11521000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                 • Associated: 00000001.00000002.2938023263.00007FFE11523000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_1_2_7ffe11510000_3OQL58yflv.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: Err_String__stdio_common_vsscanf
                                                                                                                                • String ID: %X:%X:%X:%X:%X:%X%c$bad bluetooth address
                                                                                                                                • API String ID: 3283897942-3956635471
                                                                                                                                • Opcode ID: 757c43a982a377d2e6e1a6674c9894cc2490a94952b4447fd658baee6f71c720
                                                                                                                                • Instruction ID: 0c2015c03009c47d769fcb83f35546277d5faa843e6de91901d1ef4c85eb23ae
                                                                                                                                • Opcode Fuzzy Hash: 757c43a982a377d2e6e1a6674c9894cc2490a94952b4447fd658baee6f71c720
                                                                                                                                • Instruction Fuzzy Hash: 9821AC7671CE8196EB11CB02E8881AC73AAF7487E0F518136EAAC47B68DF3DD854C710
                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000001.00000002.2936598900.00007FFE01381000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FFE01380000, based on PE: true
                                                                                                                                 • Associated: 00000001.00000002.2936583511.00007FFE01380000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                 • Associated: 00000001.00000002.2936654293.00007FFE01435000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                 • Associated: 00000001.00000002.2936681696.00007FFE0146F000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                 • Associated: 00000001.00000002.2936696034.00007FFE01472000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_1_2_7ffe01380000_3OQL58yflv.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: _handle_error
                                                                                                                                • String ID: "$pow
                                                                                                                                • API String ID: 1757819995-713443511
                                                                                                                                • Opcode ID: 6a6546b053f3095f7553861cb60331afb3cd7c732f5385389e78b38376567982
                                                                                                                                • Instruction ID: 424cb4ae33d06b8d21800957d2c96b2d3b17eb493d71eb99593266611d955444
                                                                                                                                • Opcode Fuzzy Hash: 6a6546b053f3095f7553861cb60331afb3cd7c732f5385389e78b38376567982
                                                                                                                                • Instruction Fuzzy Hash: 012141B2D1CAC587D370CF24E08466BBAB0FBDA344F211326F7890AA64DBBDD1459B04
                                                                                                                                APIs
                                                                                                                                • _wassert.API-MS-WIN-CRT-RUNTIME-L1-1-0(00000000,?,?,00007FFE101D1E02), ref: 00007FFE101D1EF4
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000001.00000002.2937326239.00007FFE101D1000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFE101D0000, based on PE: true
                                                                                                                                 • Associated: 00000001.00000002.2937311108.00007FFE101D0000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                 • Associated: 00000001.00000002.2937341468.00007FFE101D3000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                 • Associated: 00000001.00000002.2937356318.00007FFE101D4000.00000004.00000001.01000000.0000001D.sdmp
                                                                                                                                 • Associated: 00000001.00000002.2937371175.00007FFE101D5000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_1_2_7ffe101d0000_3OQL58yflv.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: _wassert
                                                                                                                                • String ID: (void*)in != (void*)out$src/scrypt.c
                                                                                                                                • API String ID: 3234217646-1092544927
                                                                                                                                • Opcode ID: b1a4e3b3e2a0e0797d6cdbaf5825b108bf68dc55db4e2b5cc03aba4bda832255
                                                                                                                                • Instruction ID: 1920e00c3be6b3e2602746d1f8fa899747039df1952211950012d3a7e3e1975b
                                                                                                                                • Opcode Fuzzy Hash: b1a4e3b3e2a0e0797d6cdbaf5825b108bf68dc55db4e2b5cc03aba4bda832255
                                                                                                                                • Instruction Fuzzy Hash: CF117062B04E9183EA148B47F8442AAA660FB94BD0F494476EF9D47B64DE3CD546C704
                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000001.00000002.2938850050.00007FFE1A451000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE1A450000, based on PE: true
                                                                                                                                 • Associated: 00000001.00000002.2938833625.00007FFE1A450000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                 • Associated: 00000001.00000002.2938872035.00007FFE1A463000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                 • Associated: 00000001.00000002.2938888895.00007FFE1A468000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                 • Associated: 00000001.00000002.2938904937.00007FFE1A469000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_1_2_7ffe1a450000_3OQL58yflv.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: FileHeader$ExceptionRaise
                                                                                                                                • String ID: Access violation - no RTTI data!$Bad dynamic_cast!
                                                                                                                                • API String ID: 3685223789-3176238549
                                                                                                                                • Opcode ID: 161e8b28e34caca24568961a6528755d3751e4ffa6d3c1bec0c9a5cac7a2823b
                                                                                                                                • Instruction ID: 17a2e61351ae8dc12e7991a8cfa1d336490933007049f6bf365d772dc3632de2
                                                                                                                                • Opcode Fuzzy Hash: 161e8b28e34caca24568961a6528755d3751e4ffa6d3c1bec0c9a5cac7a2823b
                                                                                                                                • Instruction Fuzzy Hash: 690175A1B19D46A1EE40EB16F450178A360FF80F64F4854F3E51E07679EF6CE568C700
                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000001.00000002.2938850050.00007FFE1A451000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE1A450000, based on PE: true
                                                                                                                                • Associated: 00000001.00000002.2938833625.00007FFE1A450000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                • Associated: 00000001.00000002.2938872035.00007FFE1A463000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                • Associated: 00000001.00000002.2938888895.00007FFE1A468000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                • Associated: 00000001.00000002.2938904937.00007FFE1A469000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_1_2_7ffe1a450000_3OQL58yflv.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: ExceptionFileHeaderRaise
                                                                                                                                • String ID: csm
                                                                                                                                • API String ID: 2573137834-1018135373
                                                                                                                                • Opcode ID: 96783e5d5ee86e7ed91570add2de904558e3ade983638e121ecc73efc59d9239
                                                                                                                                • Instruction ID: cbebe9d87d3f32192772af2eaa90a002eec98cf13a5b03ff9fcc6ff7f3e1d358
                                                                                                                                • Opcode Fuzzy Hash: 96783e5d5ee86e7ed91570add2de904558e3ade983638e121ecc73efc59d9239
                                                                                                                                • Instruction Fuzzy Hash: 86112E72618F8182EB618B16F840269B7E5FB88F99F5842B1DF8C07768DF3DD5618700
                                                                                                                                APIs
                                                                                                                                  • Part of subcall function 00007FFE11513D80: PyErr_Format.PYTHON312 ref: 00007FFE11514102
                                                                                                                                • PySys_Audit.PYTHON312 ref: 00007FFE115153B0
                                                                                                                                  • Part of subcall function 00007FFE1151442C: PyEval_SaveThread.PYTHON312 ref: 00007FFE1151444A
                                                                                                                                  • Part of subcall function 00007FFE1151442C: connect.WS2_32 ref: 00007FFE1151445D
                                                                                                                                  • Part of subcall function 00007FFE1151442C: PyEval_RestoreThread.PYTHON312 ref: 00007FFE11514468
                                                                                                                                  • Part of subcall function 00007FFE1151442C: WSAGetLastError.WS2_32 ref: 00007FFE11514476
                                                                                                                                  • Part of subcall function 00007FFE1151442C: WSAGetLastError.WS2_32 ref: 00007FFE11514482
                                                                                                                                  • Part of subcall function 00007FFE1151442C: PyErr_CheckSignals.PYTHON312 ref: 00007FFE1151448F
                                                                                                                                  • Part of subcall function 00007FFE1151442C: WSASetLastError.WS2_32 ref: 00007FFE115144CC
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000001.00000002.2937962236.00007FFE11511000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFE11510000, based on PE: true
                                                                                                                                • Associated: 00000001.00000002.2937944561.00007FFE11510000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                • Associated: 00000001.00000002.2937979185.00007FFE11519000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                • Associated: 00000001.00000002.2938006495.00007FFE11521000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                • Associated: 00000001.00000002.2938023263.00007FFE11523000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_1_2_7ffe11510000_3OQL58yflv.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: ErrorLast$Err_Eval_Thread$AuditCheckFormatRestoreSaveSignalsSys_connect
                                                                                                                                • String ID: connect$socket.connect
                                                                                                                                • API String ID: 2206401578-326844852
                                                                                                                                • Opcode ID: 6328d35a7a5ebb17eb66f0d37f02297ffde66ec9a7956e232188b9311fc926bd
                                                                                                                                • Instruction ID: a7cf99122bd5fd964ee23ad2691a32bf0f1a0ad4405d8a8a0f3c73540e92d0ac
                                                                                                                                • Opcode Fuzzy Hash: 6328d35a7a5ebb17eb66f0d37f02297ffde66ec9a7956e232188b9311fc926bd
                                                                                                                                • Instruction Fuzzy Hash: 33115E2171CE8281E7229B23F4407AA636AFF457E8F440072DA4D47A75EE7CE544C700
                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000001.00000002.2936598900.00007FFE01381000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FFE01380000, based on PE: true
                                                                                                                                • Associated: 00000001.00000002.2936583511.00007FFE01380000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                • Associated: 00000001.00000002.2936654293.00007FFE01435000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                • Associated: 00000001.00000002.2936681696.00007FFE0146F000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                • Associated: 00000001.00000002.2936696034.00007FFE01472000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_1_2_7ffe01380000_3OQL58yflv.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: _handle_error_raise_exc
                                                                                                                                • String ID: !$cos
                                                                                                                                • API String ID: 1935476177-1949035351
                                                                                                                                • Opcode ID: 1484d0b5ffbe851904d8205c7df7cf5da97ca319d906c301c6c44701fd354b64
                                                                                                                                • Instruction ID: a32676abe48bab36c30558e7705b883ab1649fb03326767d9a7062d563cf140f
                                                                                                                                • Opcode Fuzzy Hash: 1484d0b5ffbe851904d8205c7df7cf5da97ca319d906c301c6c44701fd354b64
                                                                                                                                • Instruction Fuzzy Hash: CF019272A18B8582DB14CF22A8403766162FF9A7D8F104334EB5D1BB99EF7CE1509B00
                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000001.00000002.2936598900.00007FFE01381000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FFE01380000, based on PE: true
                                                                                                                                • Associated: 00000001.00000002.2936583511.00007FFE01380000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                • Associated: 00000001.00000002.2936654293.00007FFE01435000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                • Associated: 00000001.00000002.2936681696.00007FFE0146F000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                • Associated: 00000001.00000002.2936696034.00007FFE01472000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_1_2_7ffe01380000_3OQL58yflv.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: _handle_errorf_raise_excf
                                                                                                                                • String ID: !$cosf
                                                                                                                                • API String ID: 3848079588-2208875612
                                                                                                                                • Opcode ID: 6d660574a6daef804eef7dfa845e6527840e46695afe343621e211181e8e6ee1
                                                                                                                                • Instruction ID: 84ce27a7f83ee2da4485220f73bc7a37168af37fdde2d984565e9cbe5d3e3d3b
                                                                                                                                • Opcode Fuzzy Hash: 6d660574a6daef804eef7dfa845e6527840e46695afe343621e211181e8e6ee1
                                                                                                                                • Instruction Fuzzy Hash: 2301B9B291CA4187F314CB26A48437AB991FBD4388F314229F7450AA78EB7CD5816F00
                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000001.00000002.2936598900.00007FFE01381000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FFE01380000, based on PE: true
                                                                                                                                • Associated: 00000001.00000002.2936583511.00007FFE01380000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                • Associated: 00000001.00000002.2936654293.00007FFE01435000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                • Associated: 00000001.00000002.2936681696.00007FFE0146F000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                • Associated: 00000001.00000002.2936696034.00007FFE01472000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_1_2_7ffe01380000_3OQL58yflv.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: _handle_error_raise_exc
                                                                                                                                • String ID: !$sin
                                                                                                                                • API String ID: 1935476177-1565623160
                                                                                                                                • Opcode ID: 15776cdf7e7771a0a0892c17dc8b27b35bcd0c59846728f0e4c1eb6cb7fe8e0b
                                                                                                                                • Instruction ID: d3a81c1188ec25f0b81e4e78a38d5d2c945dfc1fa6549e882245cc1187f8e39e
                                                                                                                                • Opcode Fuzzy Hash: 15776cdf7e7771a0a0892c17dc8b27b35bcd0c59846728f0e4c1eb6cb7fe8e0b
                                                                                                                                • Instruction Fuzzy Hash: 88018472E18B8582DB15CF22D84037A6262BFDA7D8F504325EB5D1ABA9EF7CD1405B00
                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000001.00000002.2936598900.00007FFE01381000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FFE01380000, based on PE: true
                                                                                                                                • Associated: 00000001.00000002.2936583511.00007FFE01380000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                • Associated: 00000001.00000002.2936654293.00007FFE01435000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                • Associated: 00000001.00000002.2936681696.00007FFE0146F000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                • Associated: 00000001.00000002.2936696034.00007FFE01472000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_1_2_7ffe01380000_3OQL58yflv.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: _handle_errorf
                                                                                                                                • String ID: "$expf
                                                                                                                                • API String ID: 2315412904-303238936
                                                                                                                                • Opcode ID: 822081cbaf68a110ada4c82865af82fbb3eb85db9afd55585c3f874f912543b6
                                                                                                                                • Instruction ID: b73caf599a811fd9f8a5e99f06f41660466b807d042d384dd309de64ce880437
                                                                                                                                • Opcode Fuzzy Hash: 822081cbaf68a110ada4c82865af82fbb3eb85db9afd55585c3f874f912543b6
                                                                                                                                • Instruction Fuzzy Hash: 63018272928AC486E330CB21D4893AAB6A0FFE5344F605319E784166B1DF7DD495AB00
                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000001.00000002.2936598900.00007FFE01381000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FFE01380000, based on PE: true
                                                                                                                                • Associated: 00000001.00000002.2936583511.00007FFE01380000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                • Associated: 00000001.00000002.2936654293.00007FFE01435000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                • Associated: 00000001.00000002.2936681696.00007FFE0146F000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                • Associated: 00000001.00000002.2936696034.00007FFE01472000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_1_2_7ffe01380000_3OQL58yflv.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: _handle_errorf_raise_excf
                                                                                                                                • String ID: !$sinf
                                                                                                                                • API String ID: 3848079588-676365165
                                                                                                                                • Opcode ID: 87baaba2b3233784b5bab0be6761438bc72616c16a81b8b5cc63b73ea8544fda
                                                                                                                                • Instruction ID: 2ba2df9548322906a389cc08c80ebf7ea96cfcf30953f180818de80a84ba99c7
                                                                                                                                • Opcode Fuzzy Hash: 87baaba2b3233784b5bab0be6761438bc72616c16a81b8b5cc63b73ea8544fda
                                                                                                                                • Instruction Fuzzy Hash: DD018D7291C68587F314CB26E88436AB991FBD5788F304325E7454BA78DF7CD5805F00
                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000001.00000002.2936598900.00007FFE01381000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FFE01380000, based on PE: true
                                                                                                                                • Associated: 00000001.00000002.2936583511.00007FFE01380000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                • Associated: 00000001.00000002.2936654293.00007FFE01435000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                • Associated: 00000001.00000002.2936681696.00007FFE0146F000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                • Associated: 00000001.00000002.2936696034.00007FFE01472000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_1_2_7ffe01380000_3OQL58yflv.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: _handle_error
                                                                                                                                • String ID: "$exp
                                                                                                                                • API String ID: 1757819995-2878093337
                                                                                                                                • Opcode ID: 9942037f99cfb6897b16c6bdf4135bb36f46dc2229e9285eb54b39d86f1d670c
                                                                                                                                • Instruction ID: d8015a53d037e332174b76de1afa4ff4dfd65c7bc0f8db9f80823b2a5e8839f1
                                                                                                                                • Opcode Fuzzy Hash: 9942037f99cfb6897b16c6bdf4135bb36f46dc2229e9285eb54b39d86f1d670c
                                                                                                                                • Instruction Fuzzy Hash: 8701C436938B8883E720CF24D0892AA77A0FFEA704F201315E7451A670DB7DD4C59B00
                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000001.00000002.2937962236.00007FFE11511000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFE11510000, based on PE: true
                                                                                                                                • Associated: 00000001.00000002.2937944561.00007FFE11510000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                • Associated: 00000001.00000002.2937979185.00007FFE11519000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                • Associated: 00000001.00000002.2938006495.00007FFE11521000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                • Associated: 00000001.00000002.2938023263.00007FFE11523000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_1_2_7ffe11510000_3OQL58yflv.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: Err_String
                                                                                                                                • String ID: getsockaddrlen: bad family$getsockaddrlen: unknown BT protocol
                                                                                                                                • API String ID: 1450464846-3381576205
                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000001.00000002.2936598900.00007FFE01381000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FFE01380000, based on PE: true
                                                                                                                                • Associated: 00000001.00000002.2936583511.00007FFE01380000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                • Associated: 00000001.00000002.2936654293.00007FFE01435000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                • Associated: 00000001.00000002.2936681696.00007FFE0146F000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                • Associated: 00000001.00000002.2936696034.00007FFE01472000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_1_2_7ffe01380000_3OQL58yflv.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: _handle_error_raise_exc
                                                                                                                                • String ID: !$remainder
                                                                                                                                • API String ID: 1935476177-2737868549
                                                                                                                                APIs
                                                                                                                                  • Part of subcall function 00007FFE1A456E48: abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,00007FFE1A4529EE), ref: 00007FFE1A456E56
                                                                                                                                • terminate.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFE1A45F45A
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000001.00000002.2938850050.00007FFE1A451000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE1A450000, based on PE: true
                                                                                                                                • Associated: 00000001.00000002.2938833625.00007FFE1A450000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                • Associated: 00000001.00000002.2938872035.00007FFE1A463000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                • Associated: 00000001.00000002.2938888895.00007FFE1A468000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                • Associated: 00000001.00000002.2938904937.00007FFE1A469000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_1_2_7ffe1a450000_3OQL58yflv.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: abortterminate
                                                                                                                                • String ID: csm$f
                                                                                                                                • API String ID: 661698970-629598281
                                                                                                                                APIs
                                                                                                                                • try_get_function.LIBVCRUNTIME ref: 00007FFE013C97E1
                                                                                                                                • TlsSetValue.API-MS-WIN-CORE-PROCESSTHREADS-L1-1-0(?,?,?,00007FFE013C8FED,?,?,?,?,00007FFE013C8E11,?,?,?,?,00007FFE01397024), ref: 00007FFE013C97F8
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000001.00000002.2936598900.00007FFE01381000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FFE01380000, based on PE: true
                                                                                                                                • Associated: 00000001.00000002.2936583511.00007FFE01380000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                • Associated: 00000001.00000002.2936654293.00007FFE01435000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                • Associated: 00000001.00000002.2936681696.00007FFE0146F000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                • Associated: 00000001.00000002.2936696034.00007FFE01472000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_1_2_7ffe01380000_3OQL58yflv.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: Valuetry_get_function
                                                                                                                                • String ID: FlsSetValue
                                                                                                                                • API String ID: 738293619-3750699315
                                                                                                                                APIs
                                                                                                                                • MultiByteToWideChar.API-MS-WIN-CORE-STRING-L1-1-0(?,?,?,?,00000000,00000000,?,?,00000000,00007FFE0138C2E1), ref: 00007FFE0138C506
                                                                                                                                • MultiByteToWideChar.API-MS-WIN-CORE-STRING-L1-1-0(?,?,?,?,00000000,00000000,?,?,00000000,00007FFE0138C2E1), ref: 00007FFE0138C559
                                                                                                                                • GetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0(?,?,?,?,00000000,00000000,?,?,00000000,00007FFE0138C2E1), ref: 00007FFE013D0A37
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000001.00000002.2936598900.00007FFE01381000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FFE01380000, based on PE: true
                                                                                                                                • Associated: 00000001.00000002.2936583511.00007FFE01380000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                • Associated: 00000001.00000002.2936654293.00007FFE01435000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                • Associated: 00000001.00000002.2936681696.00007FFE0146F000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                • Associated: 00000001.00000002.2936696034.00007FFE01472000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_1_2_7ffe01380000_3OQL58yflv.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: ByteCharMultiWide$ErrorLast
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 1717984340-0
                                                                                                                                APIs
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000001.00000002.2938193676.00007FFE11EA1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFE11EA0000, based on PE: true
                                                                                                                                • Associated: 00000001.00000002.2938178726.00007FFE11EA0000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                • Associated: 00000001.00000002.2938214377.00007FFE11EB8000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                • Associated: 00000001.00000002.2938214377.00007FFE11EBC000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                • Associated: 00000001.00000002.2938247018.00007FFE11EC4000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                • Associated: 00000001.00000002.2938262044.00007FFE11EC5000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_1_2_7ffe11ea0000_3OQL58yflv.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: memcpy$memmove
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 1283327689-0
                                                                                                                                APIs
                                                                                                                                • GetLastError.KERNEL32(?,?,?,00007FFE1A456CE9,?,?,?,?,00007FFE1A460582,?,?,?,?,?), ref: 00007FFE1A456E83
                                                                                                                                • SetLastError.KERNEL32(?,?,?,00007FFE1A456CE9,?,?,?,?,00007FFE1A460582,?,?,?,?,?), ref: 00007FFE1A456F0C
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000001.00000002.2938850050.00007FFE1A451000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE1A450000, based on PE: true
                                                                                                                                • Associated: 00000001.00000002.2938833625.00007FFE1A450000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                • Associated: 00000001.00000002.2938872035.00007FFE1A463000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                • Associated: 00000001.00000002.2938888895.00007FFE1A468000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                • Associated: 00000001.00000002.2938904937.00007FFE1A469000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_1_2_7ffe1a450000_3OQL58yflv.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: ErrorLast
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 1452528299-0